📦 page-behavior-audit — Page Behavior Audit
v1.0.7 Hash-policy-based deep audit of page behavior; CSP-compliant; detects anomalous behavior without needing plaintext sensitive words.
0 · 1.4k · 0 current · 0 cumulative
Last updated: 2026/4/22
Security scan (OpenClaw): Suspicious, medium confidence
Assessment recommendation
This skill is plausibly a page auditor but has several red flags you should address before installing: 1) Packaging mismatch — the registry metadata claims no required env vars, but SKILL.md and skill.yaml require WECOM_WEBHOOK_URL and OPENCLAW_AUDIT_DIR; confirm requirements with the author. 2) Data exfiltration risk — alerts send the aggregated report (which may contain up to 10k chars of page text, links, redirects, HAR/screenshot paths) to the configured WeCom webhook. Only set WECOM_WEBHOOK...
ℹ Purpose and capabilities
The declared functionality (browser automation, content-policy checks, HAR/screenshot exports, WeCom alerts) matches the actions defined in skill.yaml and SKILL.md. However, the registry metadata at the top of the report claims no required env vars, while both SKILL.md and skill.yaml declare two required env vars (WECOM_WEBHOOK_URL and OPENCLAW_AUDIT_DIR). This mismatch is a packaging/information-coherence issue and could confuse users about the needed configuration.
⚠ Instruction scope
Runtime steps perform browser navigation to arbitrary user-provided URLs, extract up to 10k characters of page text, capture links, save screenshots and HAR files, and (on critical findings) send the aggregated report (including alerts and extracted data) to the configured WeCom webhook. These instructions are within an auditor's scope but explicitly transmit scraped page content to an external endpoint; that data flow is sensitive and should be treated cautiously.
ℹ Installation mechanism
There is no remote download; install.sh is a local installer that copies skill.yaml into an OpenClaw skills directory and creates an audit directory. It supports a --system mode that will use sudo and write under /etc and /var. The installer does not fetch code from external URLs, which reduces supply-chain risk, but running it in system mode grants filesystem write capability and will create/own audit directories system-wide.
⚠ Credential requirements
Required env vars (WECOM_WEBHOOK_URL and OPENCLAW_AUDIT_DIR) are consistent with the described notification and storage features. However, the webhook is used to transmit the full aggregated report (the template data includes `json .steps.aggregate-report.output`), which can contain extracted page text, links, redirects, and possibly HAR metadata. If the webhook endpoint is untrusted or replaced with an attacker-controlled URL, this provides a clear exfiltration channel. Also, the policy signature and verification_url look like placeholders and cannot be validated from the packaged files.
ℹ Persistence and permissions
The skill does not request always:true and does not modify other skills' configs. The installer can write to system directories when run with --system (requires sudo). The included .claude/settings.local.json grants several Bash-related permissions (e.g., Bash(bash:*)), which is unusual in a skill bundle and should be reviewed; it suggests local tooling may run shell commands during development or verification.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest: v1.0.7 (2026/2/11)
● Suspicious
Install command
Official: npx clawhub@latest install page-behavior-audit
Mirror (accelerated): npx clawhub@latest install page-behavior-audit --registry https://cn.longxiaskill.com