page-behavior-audit

ClawSkills, author: clawskills

Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords)

Installation / download

TotalClaw CLI (recommended):

```bash
totalclaw install clawskills:clawskills~youdaolee-page-behavior-audit
```

Direct download with cURL (no login required):

```bash
curl -fsSL https://skills.taituai.com/api/skills/clawskills%3Aclawskills~youdaolee-page-behavior-audit/file -o youdaolee-page-behavior-audit.md
```
# page-behavior-audit

Deep behavioral page auditing with content safety policy enforcement.

## Features

- 🔍 Browser automation with redirect tracking
- 🛡️ Content policy checking (hashed badwords)
- 🎯 Response monitoring (SSRF/XXE detection)
- 📸 Full-page screenshots
- 📊 HAR export
- 🚨 WeCom alerts for critical findings

## Prerequisites

Set required environment variables:

```bash
export WECOM_WEBHOOK_URL="https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY"
export OPENCLAW_AUDIT_DIR="${HOME}/.openclaw/audit"  # optional
```

## Usage

### Via Webhook

```bash
curl -X POST http://localhost:8080/api/audit/scan \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com", "include_har": true}'
```

### Via CLI

```bash
openclaw skill run page-behavior-audit --url https://example.com
```

## Configuration

**Input schema:**
- `url` (string, required): Target URL to audit
- `include_har` (boolean, optional): Export HAR file (default: true)

**Output:**
- `redirects`: Captured redirects
- `text_alerts`: Content policy violations
- `ct_alerts`: Response monitoring alerts
- `screenshot_path`: Screenshot file path
- `har_path`: HAR file path

## Security

- SHA256-hashed badword policies
- Ed25519 signature verification
- CSP-compliant (no plaintext sensitive words)
- Sandbox-isolated browser execution
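The hashed-policy idea above can be shown in a few lines: only SHA-256 digests of the sensitive terms are shipped, page text is tokenised and each token is hashed and looked up, and the resulting alert carries offsets and a digest prefix rather than the term itself. This is an added illustration written for this page, not the skill's own code; the policy terms (`casino`, `gamble`) are hypothetical and are hashed in place only so the example is self-contained. The Ed25519 signature check over the policy file is not shown here.

```python
import hashlib
import re
from typing import Dict, Iterable, List, Set

# Hypothetical policy terms, constructed for this example only. In a real
# deployment only the digests would be shipped; the plaintext never leaves
# the policy author's machine.
_SAMPLE_TERMS = ["casino", "gamble"]

_TOKEN_RE = re.compile(r"[\w']+")


def normalize(token: str) -> str:
    """Canonicalise a token so that 'Casino' and 'casino' hash identically."""
    return token.casefold().strip()


def hash_term(term: str) -> str:
    """SHA-256 hex digest of a normalised term."""
    return hashlib.sha256(normalize(term).encode("utf-8")).hexdigest()


def build_policy(terms: Iterable[str]) -> Set[str]:
    """Turn plaintext terms into the hashed policy that is actually shipped."""
    return {hash_term(t) for t in terms}


def sample_policy() -> Set[str]:
    """The constructed example policy: digests only, as a deployed one would be."""
    return build_policy(_SAMPLE_TERMS)


def check_text(text: str, policy: Set[str]) -> List[Dict[str, object]]:
    """Tokenise page text and report tokens whose digest is in the policy.

    Each alert carries only the offset, length and a digest prefix, so the
    audit report itself stays free of the sensitive term.
    """
    alerts: List[Dict[str, object]] = []
    for m in _TOKEN_RE.finditer(text):
        digest = hash_term(m.group())
        if digest in policy:
            alerts.append({"offset": m.start(), "length": len(m.group()), "hash": digest[:16]})
    return alerts


if __name__ == "__main__":
    page_text = "Welcome to the Casino lounge. Enjoy your stay."  # constructed sample
    for alert in check_text(page_text, sample_policy()):
        print(alert)
```

Two properties of this design are worth keeping in mind. Matching is exact-token only, so spacing or spelling variants of a term will not hit the policy; and an unsalted SHA-256 of a dictionary word is cheap to reverse by brute force, so hashing keeps the list out of plaintext in shipped files and audit logs but does not hide it from anyone determined to recover it.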

## Alert Rules

**CRITICAL severity:**
- XML served from non-.xml endpoints (SSRF/XXE risk)
- Image endpoints returning XML (XXE evasion)

Alerts are sent to the WeCom webhook when critical issues are detected.
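The two CRITICAL rules above, applied to a small constructed capture, as an added example (not the skill's own code). It decides whether a response is XML from the declared Content-Type or by sniffing an XML declaration in the body, compares that with the path extension, and handles the one legitimate overlap: an `.svg` endpoint serving `image/svg+xml` is XML by definition and is not flagged. The `Response` dataclass, the sample URLs and the alert field names are assumptions made for this example; the WeCom payload shape (`msgtype`/`markdown`) follows WeCom's documented group-bot webhook format, and the example builds the payload without sending it.

```python
import os
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

XML_MIME = {"application/xml", "text/xml"}
IMAGE_EXT = {".png", ".jpg", ".jpeg", ".gif", ".webp", ".ico", ".svg"}


@dataclass
class Response:
    """Minimal view of one captured response (what a HAR entry provides)."""
    url: str
    content_type: str
    body_prefix: bytes  # first bytes of the body, enough for sniffing


def looks_like_xml(body: bytes) -> bool:
    """An XML declaration at the start of the body overrides the claimed Content-Type."""
    return body.lstrip().startswith(b"<?xml")


def classify(resp: Response) -> Optional[Dict[str, str]]:
    """Apply the two CRITICAL rules; return an alert dict or None."""
    ext = os.path.splitext(urlparse(resp.url).path)[1].lower()
    mime = resp.content_type.split(";", 1)[0].strip().lower()
    is_xml = mime in XML_MIME or mime.endswith("+xml") or looks_like_xml(resp.body_prefix)
    if not is_xml:
        return None
    # Edge case: SVG is XML, so image/svg+xml at a .svg path is the expected shape.
    if ext == ".svg" and mime == "image/svg+xml":
        return None
    if ext in IMAGE_EXT:
        return {"severity": "CRITICAL", "rule": "image-endpoint-returned-xml",
                "url": resp.url, "content_type": mime}
    if ext != ".xml":
        return {"severity": "CRITICAL", "rule": "xml-from-non-xml-endpoint",
                "url": resp.url, "content_type": mime}
    return None


def audit_responses(responses: List[Response]) -> List[Dict[str, str]]:
    """Run every captured response through the rules and keep the hits."""
    return [a for a in map(classify, responses) if a is not None]


def build_wecom_payload(alerts: List[Dict[str, str]]) -> Optional[dict]:
    """Markdown message in the WeCom group-bot webhook format (assumed from WeCom's docs).

    Returns None when there is nothing to send, so callers can skip the POST.
    """
    if not alerts:
        return None
    lines = ["**page-behavior-audit: CRITICAL findings**"]
    lines += [f"- {a['rule']}: {a['url']} ({a['content_type']})" for a in alerts]
    return {"msgtype": "markdown", "markdown": {"content": "\n".join(lines)}}


def sample_responses() -> List[Response]:
    """Constructed sample capture covering both rules and their edge cases."""
    return [
        Response("https://example.com/api/export", "application/xml", b"<?xml version='1.0'?><result/>"),
        Response("https://example.com/img/logo.png", "image/png", b"<?xml version='1.0'?><result/>"),
        Response("https://example.com/sitemap.xml", "application/xml; charset=utf-8", b"<?xml"),
        Response("https://example.com/icons/a.svg", "image/svg+xml", b"<?xml version='1.0'?><svg/>"),
        Response("https://example.com/img/a.jpg", "image/jpeg", b"\xff\xd8\xff\xe0"),
    ]


if __name__ == "__main__":
    found = audit_responses(sample_responses())
    for alert in found:
        print(alert)
    print(build_wecom_payload(found))
```

Note that the first rule is intentionally broad: a feed served as `application/rss+xml` from `/feed` will trigger it, so a deployment usually pairs it with a per-site allowlist of known XML paths rather than loosening the rule itself.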