CORS Tester
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: cors-tester Version: 1.0.0 The `cors-tester` skill is a legitimate utility for testing, debugging, and auditing CORS configurations. The Python script `scripts/cors_tester.py` uses standard libraries to perform HTTP requests and analyze response headers for security misconfigurations like origin reflection or overly permissive wildcards. No evidence of data exfiltration, malicious execution, or harmful intent was found in the code or the `SKILL.md` instructions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill against a URL will send real HTTP requests, including test Origin headers, to that server.
The script makes outbound HTTP requests to a user-supplied URL. This is central to CORS testing, but it means the skill can contact live services and generate server log entries.
req = urllib.request.Request(url, headers=headers, method=method) resp = urllib.request.urlopen(req, timeout=15)
Use it only with URLs you own or are authorized to test, and avoid placing secrets in URLs or custom headers.