← 返回 Skills 市场
johnnywang2001

CORS Tester

作者 John Wang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
213
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install cors-tester
功能描述
Test and debug CORS (Cross-Origin Resource Sharing) configurations on live URLs. Use when checking if a server returns correct CORS headers, debugging CORS e...
使用说明 (SKILL.md)

cors-tester

Test, debug, and generate CORS configurations from the command line.

Quick Start

# Test CORS headers on a URL
python3 scripts/cors_tester.py test https://api.example.com/data --origin https://myapp.com

# Test preflight (OPTIONS) request
python3 scripts/cors_tester.py preflight https://api.example.com/data --origin https://myapp.com --method POST --header "Content-Type"

# Generate CORS config for a framework
python3 scripts/cors_tester.py config --framework nginx --origins "https://myapp.com,https://staging.myapp.com" --methods "GET,POST,PUT,DELETE"

# Audit CORS security
python3 scripts/cors_tester.py audit https://api.example.com/data

Commands

test

Send a request with an Origin header and inspect the CORS response headers.

python3 scripts/cors_tester.py test \x3Curl> --origin \x3Corigin> [--method GET]

Options:

  • --origin \x3Curl> — Origin to test (required)
  • --method \x3Cmethod> — HTTP method (default: GET)
  • --verbose — Show all response headers

Output shows:

  • Access-Control-Allow-Origin — Whether the origin is allowed
  • Access-Control-Allow-Credentials — Whether credentials are supported
  • Access-Control-Expose-Headers — Which headers are exposed

preflight

Send an OPTIONS preflight request to test if a cross-origin request would be allowed.

python3 scripts/cors_tester.py preflight \x3Curl> --origin \x3Corigin> [--method POST] [--header Content-Type]

Options:

  • --origin \x3Curl> — Origin to test (required)
  • --method \x3Cmethod> — Method to request (default: POST)
  • --header \x3Cname> — Custom header to request (repeatable)

Output shows:

  • Access-Control-Allow-Methods — Allowed methods
  • Access-Control-Allow-Headers — Allowed headers
  • Access-Control-Max-Age — Preflight cache duration

audit

Check a URL for common CORS misconfigurations and security issues.

python3 scripts/cors_tester.py audit \x3Curl>

Checks for:

  • Wildcard origin (*) with credentials
  • Origin reflection (server echoes any origin back)
  • Missing Vary: Origin header
  • Overly permissive allowed methods
  • Missing preflight cache (Access-Control-Max-Age)

config

Generate CORS configuration snippets for common frameworks.

python3 scripts/cors_tester.py config --framework \x3Cname> --origins \x3Corigins> [--methods \x3Cmethods>] [--headers \x3Cheaders>] [--credentials]

Options:

  • --framework \x3Cname> — Target: nginx, apache, express, flask, fastapi, rails
  • --origins \x3Ccsv> — Comma-separated allowed origins
  • --methods \x3Ccsv> — Comma-separated methods (default: GET,POST,OPTIONS)
  • --headers \x3Ccsv> — Comma-separated allowed headers (default: Content-Type,Authorization)
  • --credentials — Allow credentials
  • --max-age \x3Cseconds> — Preflight cache (default: 86400)
安全使用建议
This appears to be a straightforward CORS testing tool. Before using it: 1) Understand it will perform live HTTP/OPTIONS requests to any URL you supply — don't scan internal/private hosts or systems you don't have permission to test. 2) The tool prints responses to stdout (no credentials are requested or exfiltrated), but responses may contain sensitive headers from the target server; treat output accordingly. 3) If you need extra safety, review the script locally or run it in a sandboxed environment. 4) If you plan automated or bulk scanning, be mindful of rate limits and legal/ethical rules for probing third-party servers.
功能分析
Type: OpenClaw Skill Name: cors-tester Version: 1.0.0 The `cors-tester` skill is a legitimate utility for testing, debugging, and auditing CORS configurations. The Python script `scripts/cors_tester.py` uses standard libraries to perform HTTP requests and analyze response headers for security misconfigurations like origin reflection or overly permissive wildcards. No evidence of data exfiltration, malicious execution, or harmful intent was found in the code or the `SKILL.md` instructions.
能力评估
Purpose & Capability
Name/description (CORS testing, preflight, audit, config generation) matches the included script and SKILL.md. The tool only needs to issue HTTP requests and generate text snippets — no unexpected binaries, credentials, or platform access are requested.
Instruction Scope
SKILL.md instructs running the included Python script with URL and origin parameters. The runtime instructions and script operate on the supplied target URLs and do not instruct reading local files, environment variables, or sending data to third-party endpoints. Behavior is scoped to making HTTP/OPTIONS requests and printing results.
Install Mechanism
No install spec (instruction-only) and only an included Python script. There are no downloads, package installs, or archive extraction steps declared. The script uses Python's standard library (urllib) so no extra dependencies are required.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the script does not access unrelated environment secrets. All inputs (URLs, origins, headers) are provided by the user at runtime.
Persistence & Privilege
Skill is not forced-always, does not modify other skills or system-wide configs, and requests no persistent privileges. It runs as an on-demand utility that makes outbound HTTP requests.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install cors-tester
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /cors-tester 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of cors-tester. - Test CORS headers and configurations on live URLs. - Debug CORS errors, including preflight (OPTIONS) requests. - Audit URLs for common CORS misconfigurations and security issues. - Generate CORS configuration snippets for major web frameworks (nginx, apache, express, flask, fastapi, rails). - Command-line interface for quick testing, auditing, and configuration tasks.
元数据
Slug cors-tester
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

CORS Tester 是什么?

Test and debug CORS (Cross-Origin Resource Sharing) configurations on live URLs. Use when checking if a server returns correct CORS headers, debugging CORS e... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 213 次。

如何安装 CORS Tester?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cors-tester」即可一键安装,无需额外配置。

CORS Tester 是免费的吗?

是的,CORS Tester 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

CORS Tester 支持哪些平台?

CORS Tester 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 CORS Tester?

由 John Wang(@johnnywang2001)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论