Http Sec Audit
v1.0.0
Audit HTTP security headers for any website. Use when a user asks to check security headers, harden a web server, audit HSTS/CSP/X-Frame-Options compliance,...
by John Wang (@johnnywang2001)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with required files and behavior: the skill ships a Python script that performs HTTP GETs and inspects headers. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
SKILL.md only instructs running the included script and installing the 'requests' dependency; the script only reads HTTP response headers and prints or emits JSON. It does not read local files, other env vars, or send results to external endpoints.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled Python script. The only dependency is the public 'requests' package (pip). Nothing is downloaded from untrusted URLs or written outside the skill's file.
Credentials
No credentials, config paths, or sensitive environment variables are required. The script uses an explicit User-Agent when making requests (not a secret) and does not access other environment data.
Persistence & Privilege
Skill is not always-enabled and does not request persistent elevated privileges or modify other skills or system-wide settings. It runs only when invoked.
Assessment
This skill appears to do what it advertises: issue HTTP(S) GETs to target URLs and report header findings. Before installing, consider that: (1) running it will perform outbound requests from the agent's environment — the target will see the agent's IP and the provided User-Agent string; (2) header values can include version strings or other info you may not want exposed if you run scans against sensitive/internal endpoints — run such scans from an appropriate, consented environment; (3) it depends on the Python 'requests' package (pip install requests); and (4) as with any third-party code, review the script if you have strict security policies or run it in a sandboxed environment. Overall it is internally coherent and proportional to its purpose.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97ejxx3ry4sy491th45vscq9s82qjqm
