Official Verified developer tools Safety 3/5

page-behavior-audit

Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords)

Why use this skill?

Perform deep web behavioral audits with hashed policy enforcement. Monitor for SSRF/XXE risks, track redirects, and get automated alerts for security compliance.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/youdaolee/page-behavior-audit

What This Skill Does

The page-behavior-audit skill is a sophisticated browser automation and security analysis tool designed for OpenClaw. It performs deep behavioral inspections of web pages, ensuring that remote targets comply with established content safety policies without ever transmitting plaintext sensitive data, thanks to its SHA256-hashed policy engine. The skill handles the full lifecycle of a web request: it follows redirects, executes the target page within a sandbox-isolated browser, monitors responses for SSRF and XXE injection risks, and generates documentation including full-page screenshots and HAR files. Designed with production-readiness in mind, it supports automated alert notifications via WeCom webhooks, making it an essential utility for security engineers and quality assurance teams tasked with monitoring web surface threats.

Installation

To integrate this skill into your environment, use the OpenClaw command-line interface. First, ensure you have set your environment variables for the WeCom webhook URL to receive real-time security alerts. Run the following command:

clawhub install openclaw/skills/skills/youdaolee/page-behavior-audit

Once installed, confirm the path for audit exports is configured via OPENCLAW_AUDIT_DIR to prevent cluttering your home directory. Verify the installation by running openclaw skill list to ensure the status is active.

Use Cases

This skill is ideal for several professional scenarios:

  1. Security Auditing: Automatically verify if public-facing assets are leaking internal data structures or misconfigured XML headers.
  2. Compliance Monitoring: Ensure that external content loaded by your applications adheres to organizational language and safety policies without maintaining plaintext forbidden word lists.
  3. Network Forensics: Analyze redirect chains to identify phishing or malicious redirects targeting your users.
  4. Automated QA: Generate visual and network evidence for every deployment to track performance and behavioral changes over time.

Example Prompts

  1. "Perform a behavioral audit on https://internal-portal.company.com and generate a HAR file for analysis."
  2. "Run the page-behavior-audit on the site https://client-site.io and send any critical XXE findings to my WeCom channel."
  3. "Audit https://target-app.com and provide a summary of all captured redirects and any identified content policy violations."

Tips & Limitations

  • Resource Management: Because this skill spawns an isolated browser session per scan, it can be resource-intensive. Avoid running large batches concurrently to prevent OOM errors.
  • Policy Hashing: Ensure your hashed badwords are generated using standard SHA256; the skill validates the integrity of these policies against the Ed25519 signature before execution.
  • Network Isolation: While the browser is sandboxed, ensure your host firewall rules allow outgoing connections to the domains you intend to audit. If scanning internal-only URLs, verify your local DNS resolution is accessible from the sandbox environment.
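
The hashed-policy idea from the Policy Hashing tip, shown as an added sketch that is not the skill's own code: the operator publishes only SHA-256 digests, and the auditor hashes windows of page text and looks them up. The normalization (NFKC plus casefold), the word tokenizer, the one-to-two word window and all function names are assumptions, since the page does not specify them; the Ed25519 signature check is not shown.

```python
import hashlib
import re
import unicodedata


def normalize(phrase: str) -> str:
    # Assumed normalization: NFKC folds full-width look-alikes, casefold ignores case.
    return unicodedata.normalize("NFKC", phrase).casefold()


def digest(phrase: str) -> str:
    return hashlib.sha256(normalize(phrase).encode("utf-8")).hexdigest()


def build_policy(terms):
    """Operator side: convert a plaintext term list into digests only."""
    return frozenset(digest(t) for t in terms)


def audit_text(text, policy, max_ngram=2):
    """Return (word_index, ngram_length, digest) for every window found in the policy."""
    words = re.findall(r"\w+", text)
    hits = []
    for n in range(1, max_ngram + 1):
        for i in range(len(words) - n + 1):
            d = digest(" ".join(words[i:i + n]))
            if d in policy:
                hits.append((i, n, d))
    return hits


# Constructed sample policy and page text, for illustration only.
SAMPLE_POLICY = build_policy(["internal only", "passwd"])
SAMPLE_PAGE = "Draft: INTERNAL  Only, see /etc/passwd backup"

if __name__ == "__main__":
    for index, length, d in audit_text(SAMPLE_PAGE, SAMPLE_POLICY):
        print(f"policy hit at word {index} (length {length}): sha256={d[:16]}...")
```

Unsalted SHA-256 of short dictionary words can be recovered by guessing, so a digest list keeps the terms out of plaintext but does not keep them secret from someone willing to hash a wordlist.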

Metadata

Author: @youdaolee
Stars: 879
Views: 0
Updated: 2026-02-11
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-youdaolee-page-behavior-audit": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security #audit #browser-automation #web-security #compliance
Safety Score: 3/5

Flags: network-access, file-write, file-read, data-collection, external-api, code-execution