← 返回 Skills 市场
Siteaudit
作者
rogue-agent1
· GitHub ↗
· v1.0.0
· MIT-0
109
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install siteaudit
功能描述
Comprehensive website audit combining uptime check, TLS certificate inspection, and security headers grading in one command. Use when asked to audit a websit...
安全使用建议
This skill appears to do what it says and only uses Python standard libs, but consider the following before enabling: 1) Restrict who or what can invoke it — do not allow autonomous agents to run it without oversight, since it can probe arbitrary addresses (including internal IPs and cloud metadata endpoints). 2) Review or run the script locally in a sandbox if you plan to audit sensitive networks. 3) If you will use it in automated workflows, add input validation or allowlist targets to prevent accidental scanning of private infrastructure. 4) The code is duplicated in two files (scripts/siteaudit.py and siteaudit.py) — benign but unusual; verify you are running the intended copy.
功能分析
Type: OpenClaw Skill
Name: siteaudit
Version: 1.0.0
The siteaudit skill bundle is a legitimate tool for checking website health, including uptime, TLS certificate status, and security headers. The Python script (siteaudit.py) uses standard libraries (urllib, ssl, socket) to perform its functions and contains no evidence of data exfiltration, malicious execution, or prompt injection.
能力评估
Purpose & Capability
Name and description match the code and SKILL.md: the scripts perform uptime checks, TLS inspection, and security-header grading. There are no unrelated binaries, env vars, or install steps requested.
Instruction Scope
Runtime instructions tell the agent to run the included Python script against any URL(s) the user supplies. The code performs network requests and TLS handshakes only against those targets (no external command execution or hidden endpoints), but there is no restriction on target addresses — an agent could be asked (or could autonomously) to scan internal hosts (e.g., 127.0.0.1, 169.254.169.254, or private subnets), which may expose sensitive infrastructure or metadata.
Install Mechanism
No install spec and the code uses only Python standard library modules. This is low-risk from an install perspective (nothing is downloaded or written by an installer).
Credentials
The skill requests no environment variables, credentials, or config paths — this is proportionate to a public website auditing tool.
Persistence & Privilege
always:false and no special system privileges. However, autonomous model invocation is allowed by default; combined with the ability to contact arbitrary hosts, that increases misuse risk (automatic scanning of internal endpoints) even though it's not a configuration error in the skill itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install siteaudit - 安装完成后,直接呼叫该 Skill 的名称或使用
/siteaudit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of siteaudit: an all-in-one website audit tool.
- Combines uptime checking, TLS certificate inspection, and security headers grading in a single command.
- Reports response time, status code, certificate details, and grades security headers.
- Clearly flags site issues such as downtime, slow response, expiring certificates, TLS errors, and weak security headers.
- Provides JSON output for automation and specific exit codes for health status.
- Zero dependencies—runs with pure Python.
元数据
常见问题
Siteaudit 是什么?
Comprehensive website audit combining uptime check, TLS certificate inspection, and security headers grading in one command. Use when asked to audit a websit... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 109 次。
如何安装 Siteaudit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install siteaudit」即可一键安装,无需额外配置。
Siteaudit 是免费的吗?
是的,Siteaudit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Siteaudit 支持哪些平台?
Siteaudit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Siteaudit?
由 rogue-agent1(@rogue-agent1)开发并维护,当前版本 v1.0.0。
推荐 Skills