Http Sec Audit
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: http-sec-audit
Version: 1.0.0
The skill is a legitimate security tool designed to audit HTTP security headers (e.g., HSTS, CSP, XFO) and detect information leaks in server headers. The Python script 'scripts/sec_headers.py' uses the standard 'requests' library to fetch headers and perform a weighted scoring analysis without any evidence of data exfiltration, command injection, or malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will make network requests to the URLs being audited, which may be logged by those sites or redirected elsewhere.
The script sends HTTP GET requests and follows redirects for user-supplied URLs. This is core to the header-audit purpose, but it can contact third-party or internal hosts if the user provides them.
resp = requests.get(url, headers=headers, timeout=timeout, allow_redirects=True)
Use it only for websites you own or are authorized to test, and be cautious with internal or sensitive URLs.
Installing the dependency pulls code from the Python package ecosystem into the user's environment.
The skill discloses a manual Python dependency installation, but it does not pin a specific package version. This is common for a small script, but users should recognize it as a package-install step.
pip install requests
Install dependencies in a trusted or isolated Python environment and consider pinning a known-good `requests` version if reproducibility matters.
