233 total downloads · 0 favorites · 1 current install · 1 version
Install in OpenClaw
/install http-sec-audit
Description
Audit HTTP security headers for any website. Use when a user asks to check security headers, harden a web server, audit HSTS/CSP/X-Frame-Options compliance,...
Usage (SKILL.md)
HTTP Security Headers Audit
Scan any URL for missing or misconfigured security headers and get an actionable report with grades, fix recommendations, and info-leak detection.
Quick Start
python3 scripts/sec_headers.py https://example.com
Commands
# Single URL audit
python3 scripts/sec_headers.py https://example.com
# Multiple URLs
python3 scripts/sec_headers.py https://example.com https://google.com https://github.com
# JSON output (for programmatic use)
python3 scripts/sec_headers.py https://example.com --json
# Custom timeout
python3 scripts/sec_headers.py https://example.com --timeout 5
What It Checks
Security headers (graded by severity):
- Strict-Transport-Security (HSTS) — HIGH
- Content-Security-Policy (CSP) — HIGH
- X-Content-Type-Options — MEDIUM
- X-Frame-Options — MEDIUM
- Referrer-Policy — MEDIUM
- Permissions-Policy — MEDIUM
- X-XSS-Protection — LOW
- Cross-Origin-Opener-Policy (COOP) — LOW
- Cross-Origin-Resource-Policy (CORP) — LOW
- Cross-Origin-Embedder-Policy (COEP) — LOW
Info leak detection:
- Server header (software version disclosure)
- X-Powered-By (technology stack leak)
- X-AspNet-Version (framework version leak)
Grading
| Grade | Score | Meaning |
|---|---|---|
| A | 90–100 | Excellent — all critical headers present |
| B | 75–89 | Good — minor gaps |
| C | 50–74 | Fair — important headers missing |
| D | 25–49 | Poor — significant exposure |
| F | 0–24 | Failing — most headers absent |
Dependencies
pip install requests
Safe-Use Recommendations
This skill appears to do what it advertises: issue HTTP(S) GETs to target URLs and report header findings. Before installing, consider that: (1) running it will perform outbound requests from the agent's environment — the target will see the agent's IP and the provided User-Agent string; (2) header values can include version strings or other info you may not want exposed if you run scans against sensitive/internal endpoints — run such scans from an appropriate, consented environment; (3) it depends on the Python 'requests' package (pip install requests); and (4) as with any third-party code, review the script if you have strict security policies or run it in a sandboxed environment. Overall it is internally coherent and proportional to its purpose.
Functionality Analysis
Type: OpenClaw Skill
Name: http-sec-audit
Version: 1.0.0
The skill is a legitimate security tool designed to audit HTTP security headers (e.g., HSTS, CSP, XFO) and detect information leaks in server headers. The Python script 'scripts/sec_headers.py' uses the standard 'requests' library to fetch headers and perform a weighted scoring analysis without any evidence of data exfiltration, command injection, or malicious intent.
Capability Assessment
Purpose & Capability
Name/description align with required files and behavior: the skill ships a Python script that performs HTTP GETs and inspects headers. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
SKILL.md only instructs running the included script and installing the 'requests' dependency; the script only reads HTTP response headers and prints or emits JSON. It does not read local files, other env vars, or send results to external endpoints.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled Python script. The only dependency is the public 'requests' package (pip). Nothing is downloaded from untrusted URLs or written outside the skill's file.
Credentials
No credentials, config paths, or sensitive environment variables are required. The script uses an explicit User-Agent when making requests (not a secret) and does not access other environment data.
Persistence & Privilege
Skill is not always-enabled and does not request persistent elevated privileges or modify other skills or system-wide settings. It runs only when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker deployment).
- Type the install command in the chat box: /install http-sec-audit
- After installation, call the skill by name directly or trigger it with /http-sec-audit
- Provide the required input according to the skill's parameter description to receive structured output.
Version History
v1.0.0
Initial release of http-sec-audit.
- Audits 10 key HTTP security headers for any website.
- Detects information leaks from headers like Server and X-Powered-By.
- Provides per-header grading (A–F) and actionable fix recommendations.
- Supports scanning multiple URLs and JSON output.
- Includes command-line options for timeout configuration.
FAQ
What is Http Sec Audit?
Audit HTTP security headers for any website. Use when a user asks to check security headers, harden a web server, audit HSTS/CSP/X-Frame-Options compliance,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 233 downloads to date.
How do I install Http Sec Audit?
Run the command "/install http-sec-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Http Sec Audit free?
Yes, Http Sec Audit is completely free under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Http Sec Audit support?
Http Sec Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Http Sec Audit?
Developed and maintained by John Wang (@johnnywang2001); the current version is v1.0.0.