🧪 Skills

page-behavior-audit

--- name: page-behavior-audit description: Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords) homepage: https://github.com/openclaw/page-behavior-audit metadata: { "

v1.0.7
❤️ 0
⬇️ 1.1k
👁 2
Save📁 Collect
Share

Description

name: page-behavior-audit description: Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords) homepage: https://github.com/openclaw/page-behavior-audit metadata: { "openclaw": { "emoji": "🔍", "type": "skill", "version": "1.0.3", "modelInvocable": false, "requiredEnv": [ { "name": "WECOM_WEBHOOK_URL", "description": "WeCom webhook URL for critical alerts", "sensitive": true, }, { "name": "OPENCLAW_AUDIT_DIR", "description": "Directory for audit logs, screenshots, and HAR files", "default": "${HOME}/.openclaw/audit", }, ], "trigger": { "type": "webhook", "path": "/api/audit/scan", "method": "POST" }, "timeout": 15000, }, }

page-behavior-audit

Deep behavioral page auditing with content safety policy enforcement.

Features

  • 🔍 Browser automation with redirect tracking
  • 🛡️ Content policy checking (hashed badwords)
  • 🎯 Response monitoring (SSRF/XXE detection)
  • 📸 Full-page screenshots
  • 📊 HAR export
  • 🚨 WeCom alerts for critical findings

Prerequisites

Set required environment variables:

export WECOM_WEBHOOK_URL="https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY"
export OPENCLAW_AUDIT_DIR="${HOME}/.openclaw/audit"  # optional

Usage

Via Webhook

curl -X POST http://localhost:8080/api/audit/scan \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com", "include_har": true}'

Via CLI

openclaw skill run page-behavior-audit --url https://example.com

Configuration

Input schema:

  • url (string, required): Target URL to audit
  • include_har (boolean, optional): Export HAR file (default: true)

Output:

  • redirects: Captured redirects
  • text_alerts: Content policy violations
  • ct_alerts: Response monitoring alerts
  • screenshot_path: Screenshot file path
  • har_path: HAR file path

Security

  • SHA256-hashed badword policies
  • Ed25519 signature verification
  • CSP-compliant (no plaintext sensitive words)
  • Sandbox-isolated browser execution

Alert Rules

CRITICAL severity:

  • XML served from non-.xml endpoints (SSRF/XXE risk)
  • Image endpoints returning XML (XXE evasion)

Alerts are sent to WeCom webhook when critical issues are detected.

Reviews (0)

Sign in to write a review.

No reviews yet. Be the first to review!

Comments (0)

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Compatible Platforms

Links

📂 Source Code

Pricing

Free

Related Configs

🧪 Skill

self-improving-agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

❤️ 2.0k ⬇️ 218k
🧪 Skill

Self Improving Agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

❤️ 2.0k ⬇️ 206k
🧪 Skill

Find Skills

Free

Search, discover, and install skills from the open agent skills ecosystem to extend agent capabilities for specific tasks or domains.

❤️ 814 ⬇️ 199k
🧪 Skill

Summarize

Free

--- name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"b

❤️ 609 ⬇️ 160k