← 返回 Skills 市场
Website Security Audit
作者
666-Moonlight
· GitHub ↗
· v1.0.0
· MIT-0
98
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install website-security-audit
功能描述
网站安全鉴定技能。对任意 URL 进行安全风险评估,综合域名信息、SSL证书、网站内容、技术特征、备案信息等多维度分析,判断网站是否可信、安全、有风险。当用户询问"查看某个网站是否有风险"、"帮我鉴定这个网站"、"检查这个链接安全吗"、"网站安全评估"时使用此技能。
安全使用建议
This skill appears coherent for auditing websites, but be aware: it will load arbitrary URLs and capture page content. Avoid giving it links that require you to log in or that point to internal/private systems (to prevent exposing credentials or sensitive data). If you plan to audit unknown or suspicious sites, run checks from an isolated environment (VM or sandbox) and do not submit any passwords or tokens. Note the optional ProSearch helper references a Windows-specific local script path and may not work on other machines; it is optional and not required for the core audit.
功能分析
Type: OpenClaw Skill
Name: website-security-audit
Version: 1.0.0
The website-security-audit skill is a legitimate tool designed to perform security assessments of URLs by analyzing SSL certificates, domain age, and Chinese ICP/Public Security filings. It utilizes standard OpenClaw browser actions and a local search script (prosearch.cjs) to gather information and generate a structured risk report, with no evidence of malicious intent, data exfiltration, or harmful prompt injection.
能力评估
Purpose & Capability
Name/description (website security audit) match the instructions: extracting a URL, visiting it with the built-in browser, checking SSL/ICP/WHOIS, and producing a structured report. No unrelated env vars, binaries, or installs are requested.
Instruction Scope
Instructions explicitly direct the agent to navigate to user-provided URLs and snapshot page content (maxChars=10000). This is expected for site analysis but means the agent will fetch arbitrary external pages and capture their content (which may include sensitive data or trigger hostile site behaviour). The SKILL.md also references an optional local ProSearch node script path (Windows-specific) — optional, not required, but may not exist on all hosts.
Install Mechanism
No install spec and no code files beyond static references; instruction-only skill performs runtime browser actions. No downloads, archives, or external installers are invoked by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. All checks are based on network queries and page parsing; requested data is proportionate to a website audit.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system privileges, nor does it modify other skills' configurations. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install website-security-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/website-security-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: 对任意URL进行系统性安全鉴定,综合HTTPS、ICP备案、公安网备案、域名年龄等10+维度分析,输出结构化风险报告。
元数据
常见问题
Website Security Audit 是什么?
网站安全鉴定技能。对任意 URL 进行安全风险评估,综合域名信息、SSL证书、网站内容、技术特征、备案信息等多维度分析,判断网站是否可信、安全、有风险。当用户询问"查看某个网站是否有风险"、"帮我鉴定这个网站"、"检查这个链接安全吗"、"网站安全评估"时使用此技能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 98 次。
如何安装 Website Security Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install website-security-audit」即可一键安装,无需额外配置。
Website Security Audit 是免费的吗?
是的,Website Security Audit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Website Security Audit 支持哪些平台?
Website Security Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Website Security Audit?
由 666-Moonlight(@666-moonlight)开发并维护,当前版本 v1.0.0。
推荐 Skills