page-behavior-audit

Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords)

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "page-behavior-audit" with this command: npx skills add youdaolee/page-behavior-audit

page-behavior-audit

Deep behavioral page auditing with content safety policy enforcement.

Features

  • 🔍 Browser automation with redirect tracking
  • 🛡️ Content policy checking (hashed badwords)
  • 🎯 Response monitoring (SSRF/XXE detection)
  • 📸 Full-page screenshots
  • 📊 HAR export
  • 🚨 WeCom alerts for critical findings

Prerequisites

Set required environment variables:

export WECOM_WEBHOOK_URL="https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY"
export OPENCLAW_AUDIT_DIR="${HOME}/.openclaw/audit"  # optional

Usage

Via Webhook

curl -X POST http://localhost:8080/api/audit/scan \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com", "include_har": true}'

Via CLI

openclaw skill run page-behavior-audit --url https://example.com

Configuration

Input schema:

  • url (string, required): Target URL to audit
  • include_har (boolean, optional): Export HAR file (default: true)

Output:

  • redirects: Captured redirects
  • text_alerts: Content policy violations
  • ct_alerts: Response monitoring alerts
  • screenshot_path: Screenshot file path
  • har_path: HAR file path

Security

  • SHA256-hashed badword policies
  • Ed25519 signature verification
  • CSP-compliant (no plaintext sensitive words)
  • Sandbox-isolated browser execution

Alert Rules

CRITICAL severity:

  • XML served from non-.xml endpoints (SSRF/XXE risk)
  • Image endpoints returning XML (XXE evasion)

Alerts are sent to the WeCom webhook when critical issues are detected.
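
One way to evaluate the two CRITICAL rules above against an exported HAR, as an added example that is not the skill's own code. The alert object shape, the rule names, the `XML_EXT` allowlist and the sample entries are assumptions made for illustration.

```javascript
// Added example: the HAR entries at the bottom are constructed, not real traffic.
const IMAGE_EXT = new Set(['.png', '.jpg', '.jpeg', '.gif', '.webp', '.bmp', '.ico']);
// Assumption: extensions where an XML body is expected and is not alerted on.
const XML_EXT = new Set(['.xml', '.svg', '.rss', '.atom']);

// Extension of the URL path only, so "?x=.xml" in the query cannot mask a mismatch.
function pathExt(rawUrl) {
  const path = new URL(rawUrl).pathname.toLowerCase();
  const base = path.slice(path.lastIndexOf('/') + 1);
  const dot = base.lastIndexOf('.');
  return dot === -1 ? '' : base.slice(dot);
}

function isXml(mimeType, bodyText) {
  const mime = (mimeType || '').split(';')[0].trim().toLowerCase();
  if (mime === 'application/xml' || mime === 'text/xml' || mime.endsWith('+xml')) return true;
  // Sniff the body as well: a response can declare image/png and still carry XML.
  return /^\uFEFF?\s*<\?xml\b/i.test(bodyText || '');
}

function ctAlerts(har) {
  const alerts = [];
  for (const e of har.log.entries) {
    const url = e.request.url;
    const content = e.response.content || {};
    if (!isXml(content.mimeType, content.text)) continue;
    const ext = pathExt(url);
    if (IMAGE_EXT.has(ext)) {
      alerts.push({ severity: 'CRITICAL', rule: 'image-endpoint-returns-xml', url });
    } else if (!XML_EXT.has(ext)) {
      alerts.push({ severity: 'CRITICAL', rule: 'xml-from-non-xml-endpoint', url });
    }
  }
  return alerts;
}

// Builds a minimal HAR 1.2 entry carrying only the fields the check reads.
function entry(url, mimeType, text) {
  return { request: { url }, response: { content: { mimeType, text } } };
}

const sampleHar = { log: { entries: [
  entry('https://example.com/sitemap.xml', 'application/xml', '<?xml version="1.0"?><urlset/>'),
  entry('https://example.com/logo.svg', 'image/svg+xml', '<svg/>'),
  entry('https://example.com/api/profile?id=7', 'text/xml; charset=utf-8', '<?xml version="1.0"?><u/>'),
  entry('https://example.com/avatar.png?x=.xml', 'image/png', '<?xml version="1.0"?><!DOCTYPE a><a/>'),
  entry('https://example.com/index.html', 'text/html', '<!doctype html>'),
] } };

console.log(ctAlerts(sampleHar));
```
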

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
