page-behavior-audit
v1.0.7Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords)
Sourced from ClawHub,
Authored by Youdaolee
Installation
Please help me install the skill `page-behavior-audit` from SkillHub official store.
npx skills add Youdaolee/page-behavior-audit
page-behavior-audit
Deep behavioral page auditing with content safety policy enforcement.
Features
- 🔍 Browser automation with redirect tracking
- 🛡️ Content policy checking (hashed badwords)
- 🎯 Response monitoring (SSRF/XXE detection)
- 📸 Full-page screenshots
- 📊 HAR export
- 🚨 WeCom alerts for critical findings
Prerequisites
Set required environment variables:
export WECOM_WEBHOOK_URL="https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY"
export OPENCLAW_AUDIT_DIR="${HOME}/.openclaw/audit" # optional
Usage
Via Webhook
curl -X POST http://localhost:8080/api/audit/scan
-H "Content-Type: application/json"
-d '{"url": "https://example.com", "include_har": true}'
Via CLI
openclaw skill run page-behavior-audit --url https://example.com
Configuration
Input schema:
- url (string, required): Target URL to audit
- include_har (boolean, optional): Export HAR file (default: true)
Output:
- redirects: Captured redirects
- text_alerts: Content policy violations
- ct_alerts: Response monitoring alerts
- screenshot_path: Screenshot file path
- har_path: HAR file path
Security
- SHA256-hashed badword policies
- Ed25519 signature verification
- CSP-compliant (no plaintext sensitive words)
- Sandbox-isolated browser execution
Alert Rules
CRITICAL severity: - XML served from non-.xml endpoints (SSRF/XXE risk) - Image endpoints returning XML (XXE evasion)
Alerts are sent to WeCom webhook when critical issues are detected.