Http Sec Audit
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill coherently audits HTTP security headers using a simple user-invoked script, with only expected network requests and a disclosed Python dependency.
This appears safe for its stated purpose. Before installing, note that it makes HTTP requests to whatever URLs you provide and requires the standard `requests` Python package; use it only on sites you are allowed to audit.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will make network requests to the URLs being audited, which may be logged by those sites or redirected elsewhere.
The script sends HTTP GET requests and follows redirects for user-supplied URLs. This is core to the header-audit purpose, but it can contact third-party or internal hosts if the user provides them.
`resp = requests.get(url, headers=headers, timeout=timeout, allow_redirects=True)`
Use it only for websites you own or are authorized to test, and be cautious with internal or sensitive URLs.
Installing the dependency pulls code from the Python package ecosystem into the user's environment.
The skill discloses a manual Python dependency installation, but it does not pin a specific package version. This is common for a small script, but users should recognize it as a package-install step.
`pip install requests`
Install dependencies in a trusted or isolated Python environment and consider pinning a known-good `requests` version if reproducibility matters.
