Http Sec Audit

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill will make network requests to the URLs being audited, which may be logged by those sites or redirected elsewhere.

Why it was flagged

The script sends HTTP GET requests and follows redirects for user-supplied URLs. This is core to the header-audit purpose, but it can contact third-party or internal hosts if the user provides them.

Skill content

```python
resp = requests.get(url, headers=headers, timeout=timeout, allow_redirects=True)
```

Recommendation

Use it only for websites you own or are authorized to test, and be cautious with internal or sensitive URLs.

What this means

Installing the dependency pulls code from the Python package ecosystem into the user's environment.

Why it was flagged

The skill discloses a manual Python dependency installation, but it does not pin a specific package version. This is common for a small script, but users should recognize it as a package-install step.

Skill content

```
pip install requests
```

Recommendation

Install dependencies in a trusted or isolated Python environment and consider pinning a known-good `requests` version if reproducibility matters.