Headers
Author: rogue-agent1 · GitHub · v1.0.0 · MIT-0
Total downloads: 120 · Favorites: 0 · Current installs: 1 · Versions: 1
Install in OpenClaw
/install headers
Description
Audit HTTP security headers for any website — checks HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, and...
Usage (SKILL.md)
security-headers 🔒
HTTP security headers auditor with grading and info leak detection.
Commands
# Check one or more sites (auto-adds https://)
python3 scripts/headers.py github.com example.com
# JSON output
python3 scripts/headers.py --json example.com
Checks (9 headers)
- 🔴 High: Strict-Transport-Security (HSTS), Content-Security-Policy (CSP)
- 🟡 Medium: X-Content-Type-Options, X-Frame-Options, Referrer-Policy
- 🟢 Low: Permissions-Policy, X-XSS-Protection, COOP, CORP
Grading
- A (≥78%): 7+ headers present
- B (≥56%): 5-6 headers
- C (≥33%): 3-4 headers
- D (≥11%): 1-2 headers
- F (0%): No security headers
Info Leak Detection
Flags Server, X-Powered-By, X-AspNet-Version, X-Generator headers that reveal technology stack.
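The grading bands and leak-header list above, worked through as an added example (not the skill's scripts/headers.py, which this page does not show): it scores a response-header mapping against the nine checks. The function name `audit`, the whole-percent rounding and the sample headers are assumptions; COOP and CORP are written out as Cross-Origin-Opener-Policy and Cross-Origin-Resource-Policy.

```python
# Added example: header names and grade bands are taken from the listing above;
# the rounding rule and function names are assumptions, not scripts/headers.py.
CHECKS = {
    "strict-transport-security": "high",
    "content-security-policy": "high",
    "x-content-type-options": "medium",
    "x-frame-options": "medium",
    "referrer-policy": "medium",
    "permissions-policy": "low",
    "x-xss-protection": "low",
    "cross-origin-opener-policy": "low",
    "cross-origin-resource-policy": "low",
}
LEAK_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# (minimum rounded percentage, grade), highest band first
BANDS = ((78, "A"), (56, "B"), (33, "C"), (11, "D"), (0, "F"))


def audit(headers):
    """Grade a response-header mapping and list missing and leaking headers."""
    # HTTP header names are case-insensitive, so normalise before comparing.
    seen = {name.strip().lower(): value for name, value in headers.items()}
    present = [h for h in CHECKS if seen.get(h, "").strip()]
    # Assumption: the score is rounded to a whole percent, which is what makes
    # 7 of 9 (77.8%) land in the ">=78%" band as the listing states.
    score = round(100 * len(present) / len(CHECKS))
    grade = next(g for floor, g in BANDS if score >= floor)
    return {
        "score": score,
        "grade": grade,
        "missing": {h: CHECKS[h] for h in CHECKS if h not in present},
        "leaks": {h: seen[h] for h in LEAK_HEADERS if h in seen},
    }


# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Server": "nginx/1.24.0",
    "X-Powered-By": "PHP/8.2.1",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["grade"], report["score"], sorted(report["missing"]), report["leaks"])
```

A presence-only score says nothing about header values, so a grade from logic like this is a starting point for review of the `missing` list, highest severity first.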
Safe-use advice
This skill appears to do exactly what it says: it issues GET requests to target URLs, inspects headers, and prints a grade. It does not request credentials, write anything during install, or phone home. Before installing or enabling it for autonomous use, confirm you trust the source (source/homepage unknown) and consider the environment where the agent will run: the skill can request arbitrary URLs, so avoid running it in an agent that has access to sensitive internal networks or services you don't want probed. If you need to run audits on production/internal sites, review the included scripts locally or run them in a network-restricted sandbox.
Functional analysis
Type: OpenClaw Skill
Name: headers
Version: 1.0.0
The skill bundle is a legitimate HTTP security header auditing tool. It uses the standard Python 'urllib' library to fetch and analyze headers (e.g., HSTS, CSP, X-Frame-Options) from user-provided URLs to provide a security grade. The code in 'headers.py' and 'scripts/headers.py' is transparent, contains no external dependencies, and shows no signs of malicious intent, data exfiltration, or prompt injection.
Capability assessment
Purpose & Capability
Name/description match the actual behavior: the scripts issue HTTP GETs, inspect response headers, grade presence of security headers, and report info-leak headers. No unrelated credentials, binaries, or config paths are requested. The duplicate files (headers.py and scripts/headers.py) are identical copies — a minor hygiene issue but not a security mismatch.
Instruction Scope
SKILL.md instructs running the included Python script which performs network requests to the provided URLs and prints/returns JSON. The instructions do not read local files, environment variables, or send data to third-party endpoints. Note: because the skill performs arbitrary HTTP requests, an agent running it could be used to probe internal or private endpoints if the agent has network access; this is expected behavior for a network-scanning utility but is a risk to be aware of.
Install Mechanism
No install spec; the skill is instruction-and-script-only and relies on Python's stdlib (urllib). This is low-risk: nothing is downloaded or written during install.
Credentials
The skill requests no environment variables or credentials. Its network access is proportional to its purpose (it must perform HTTP requests to audit headers). There are no unrelated secret accesses or config paths.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. The skill can be invoked autonomously by the agent (platform default), which is expected for a utility — combine this with the note above about network reach when deciding deployment policy.
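How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install headers
- Once installed, call the skill by name or trigger it with /headers
- Provide the inputs described in the skill's parameter documentation to get structured output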
Version history
v1.0.0
Initial release of security-headers skill.
- Audits HTTP security headers for any website and grades security posture A–F.
- Checks 9 essential headers including HSTS, CSP, and X-Frame-Options.
- Detects server information leakage via headers like Server and X-Powered-By.
- Provides command-line usage for single or multiple sites, with optional JSON output.
- Zero external dependencies.
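FAQ
What is Headers?
Audit HTTP security headers for any website — checks HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, and... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 120 downloads to date.
How do I install Headers?
Run the command "/install headers" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Headers free?
Yes. Headers is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Headers support?
Headers is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who develops Headers?
It is developed and maintained by rogue-agent1 (@rogue-agent1); the current version is v1.0.0.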