page-behavior-audit

Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords)

Install

openclaw skills install page-behavior-audit

page-behavior-audit

Deep behavioral page auditing with content safety policy enforcement.

Features

🔍 Browser automation with redirect tracking
🛡️ Content policy checking (hashed badwords)
🎯 Response monitoring (SSRF/XXE detection)
📸 Full-page screenshots
📊 HAR export
🚨 WeCom alerts for critical findings

Prerequisites

Set required environment variables:

export WECOM_WEBHOOK_URL="https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY"
export OPENCLAW_AUDIT_DIR="${HOME}/.openclaw/audit"  # optional

Usage

Via Webhook

curl -X POST http://localhost:8080/api/audit/scan \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com", "include_har": true}'

Via CLI

openclaw skill run page-behavior-audit --url https://example.com

Configuration

Input schema:

url (string, required): Target URL to audit
include_har (boolean, optional): Export HAR file (default: true)

Output:

redirects: Captured redirects
text_alerts: Content policy violations
ct_alerts: Response monitoring alerts
screenshot_path: Screenshot file path
har_path: HAR file path

Security

SHA256-hashed badword policies
Ed25519 signature verification
CSP-compliant (no plaintext sensitive words)
Sandbox-isolated browser execution

Alert Rules

CRITICAL severity:

XML served from non-.xml endpoints (SSRF/XXE risk)
Image endpoints returning XML (XXE evasion)

Alerts are sent to WeCom webhook when critical issues are detected.