page-behavior-audit

Deep behavioral page auditing with content safety policy enforcement.

Features

• 🔍 Browser automation with redirect tracking
• 🛡️ Content policy checking (hashed badwords)
• 🎯 Response monitoring (SSRF/XXE detection)
• 📸 Full-page screenshots
• 📊 HAR export
• 🚨 WeCom alerts for critical findings

Prerequisites

Set required environment variables:

export WECOM_WEBHOOK_URL="https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY"
export OPENCLAW_AUDIT_DIR="${HOME}/.openclaw/audit"  # optional

Usage

Via Webhook

curl -X POST http://localhost:8080/api/audit/scan \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com", "include_har": true}'

Via CLI

openclaw skill run page-behavior-audit --url https://example.com

Configuration

Input schema:

• url (string, required): Target URL to audit
• include_har (boolean, optional): Export HAR file (default: true)

Output:

• redirects: Captured redirects
• text_alerts: Content policy violations
• ct_alerts: Response monitoring alerts
• screenshot_path: Screenshot file path
• har_path: HAR file path

Security

• SHA256-hashed badword policies
• Ed25519 signature verification
• CSP-compliant (no plaintext sensitive words)
• Sandbox-isolated browser execution

Alert Rules

CRITICAL severity:

• XML served from non-.xml endpoints (SSRF/XXE risk)
• Image endpoints returning XML (XXE evasion)

Alerts are sent to WeCom webhook when critical issues are detected.