CORS Tester
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
Running the skill against a URL will send real HTTP requests, including test Origin headers, to that server.
Why it was flagged
The script makes outbound HTTP requests to a user-supplied URL. This is central to CORS testing, but it means the skill can contact live services and generate server log entries.
Skill content
req = urllib.request.Request(url, headers=headers, method=method) resp = urllib.request.urlopen(req, timeout=15)
Recommendation
Use it only with URLs you own or are authorized to test, and avoid placing secrets in URLs or custom headers.