← Back to Skills Marketplace
tooled-app

Pre-flight

by Tooled-app · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
41
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install dashboard-pre-flight
Description
Universal React dashboard audit — detect hardcoded values, tier bypasses, stale components, and onboarding inconsistencies before users see them.
README (SKILL.md)

Dashboard Audit Skill

Detect and fix anomalies in any React dashboard before they reach users.

When to Use

  • Before any release or deployment
  • After auth/tier/subscription changes
  • When user reports UI inconsistencies
  • Before declaring a feature complete
  • When onboarding flow changes
  • After integrating a new auth provider

Configuration

Set these at the top of your audit session:

PROJECT_SRC="./src"                    # Source directory
AUTH_PROVIDER="clerk"                  # clerk, auth0, firebase, etc.
TIER_PROP="userTier"                   # Prop name for subscription tier
MODE_STORAGE_KEY="terminal_mode"       # localStorage key for mode preference
API_CONSTANT="API_URL"                 # Constant exported from api client
PRICING_TIERS="free,pro,team"         # Comma-separated tier names
AUDIT_RUNS=1                           # Number of times to run full audit (1-5)

Note: Set AUDIT_RUNS=2 or higher when:

  • Fixing issues found in previous run
  • First audit of a legacy codebase
  • After major auth or tier refactoring
  • Before production releases

Each run should produce zero new issues before proceeding.

Audit Checklist

1. Tier Handling Verification

grep -rn "publicMetadata\|userMetadata\|auth0User" "$PROJECT_SRC/pages/" "$PROJECT_SRC/components/"
  • No component reads tier from auth provider metadata directly
  • All components accept tier via prop from root/App
  • Fallback to base tier only in prop default, never in display logic

2. Hardcoded Content Scan

grep -rn "[email protected]\|example.com\|localhost:3001\|placeholder\|TODO\|FIXME\|HACK" \
  --include="*.jsx" --include="*.js" --include="*.tsx" --include="*.ts" "$PROJECT_SRC/"
  • No placeholder emails in user-facing output
  • No localhost/dev URLs in production code
  • No TODO/FIXME/HACK comments (move to issues)

3. Mode/Preference Consistency

grep -rn "localStorage.getItem('$MODE_STORAGE_KEY')" "$PROJECT_SRC/"
  • Base tier users default to restricted mode
  • Paid tier users default to full mode
  • Preference persists across sessions
  • Propagates to backend for cross-device sync

4. Onboarding Flow Verification

grep -rn "curl -fsSL\|install.sh\|install.ps1\|iwr -useb\|brew install\|npm install -g" \
  "$PROJECT_SRC/pages/Onboarding*" "$PROJECT_SRC/pages/onboarding*"
  • No external install commands shown (if integrated)
  • Integrated paths referenced instead of external
  • Safety layers mentioned if required for full mode
  • Example URLs use docs domain, not IP addresses

5. API URL Consistency

grep -rn "192\.168\.\|127\.0\.0\.1\|localhost:" \
  --include="*.jsx" --include="*.js" --include="*.tsx" --include="*.ts" "$PROJECT_SRC/" | \
  grep -v "$API_CONSTANT"
  • All API calls use exported constant
  • No hardcoded IPs in components
  • Environment-based API switching configured

6. Pricing Consistency

IFS=',' read -ra TIERS \x3C\x3C\x3C "$PRICING_TIERS"
for tier in "${TIERS[@]}"; do
  grep -rn "\\\$[0-9]*.*$tier\|$tier.*\\\$[0-9]*" "$PROJECT_SRC/pages/"
done
  • No hardcoded prices in UI strings
  • Prices fetched from backend or config
  • Currency formatting consistent

7. Stale Component Cleanup

find "$PROJECT_SRC/components" -name "*.jsx" -o -name "*.tsx" | \
  xargs grep -l "debug\|Debug\|wizard\|Wizard\|setup\|Setup" 2>/dev/null | \
  grep -i "debug\|install\|setup\|wizard"
  • No debug/login components in production build
  • No deprecated install/setup wizards (if integrated)
  • No mock/demo components in production

8. Auth Fallback Chain Verification

grep -rn "dev-bypass\|test-token\|mock-user\|fake-" \
  --include="*.jsx" --include="*.js" --include="*.tsx" --include="*.ts" "$PROJECT_SRC/"
  • No dev bypass tokens in production code
  • Auth fallback chains end at "unauthenticated", not fake data
  • Mock users cannot access real endpoints

Fixes Applied (Template)

# Issue Location Fix
1
2
3

Verification Steps

  1. Start dev server: npm run dev or yarn dev
  2. Clear browser storage for fresh user simulation
  3. Simulate new user signup with base tier
  4. Complete onboarding flow
  5. Simulate upgrade to paid tier
  6. Execute core workflow in full mode
  7. Verify no upgrade prompts for paid users
  8. Check all pages render without console errors
  9. Verify mobile responsiveness
  10. Run Lighthouse audit (target: 90+ all categories)

Prevention

  • Run this audit before every PR merge
  • Add CI check for hardcoded values (grep patterns above)
  • Use constants for all URLs, prices, and tier names
  • Never read tier from auth provider metadata in components — pass as prop
  • Keep onboarding in sync with actual architecture
  • Document auth fallback chain in README

Adaptation Notes

  • Vue/Svelte: Change --include="*.jsx" to --include="*.vue" or --include="*.svelte"
  • Next.js: Add pages/ and app/ directories to scan paths
  • React Native: Add check for Platform-specific code
  • Monorepo: Run from each package directory separately

Related Skills

  • release-checklist
  • auth-integration-review
  • onboarding-ux-audit
  • security-hardening

Resources

Usage Guidance
This skill appears safe to install for guided dashboard audits. Before running its commands, set the PROJECT_SRC and related configuration values to the intended project paths so scans stay focused on the codebase you mean to review.
Capability Assessment
Purpose & Capability
The stated purpose is to audit React dashboards for hardcoded values, auth/tier inconsistencies, onboarding issues, stale components, and release-readiness gaps; the artifact content matches that purpose.
Instruction Scope
Instructions are explicit and user-directed, centered on configurable grep/find checks, manual checklist review, and verification steps. No prompt-injection behavior, hidden instructions, or unrelated authority was found.
Install Mechanism
The package contains a single non-executable SKILL.md file, declares no dependencies or API-key requirement, and has clean static, dependency, VirusTotal, and SkillSpector signals.
Credentials
The requested local source scans and optional dev-server/browser verification are proportionate to a dashboard audit. Paths are configurable through PROJECT_SRC and related variables.
Persistence & Privilege
No persistence, background process, privilege escalation, credential/session-store access, destructive behavior, or external data exfiltration is present in the artifact.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install dashboard-pre-flight
  3. After installation, invoke the skill by name or use /dashboard-pre-flight
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
dashboard-pre-flight 1.0.0 — Initial release - Provides a universal audit checklist for React dashboards. - Detects issues like hardcoded values, tier bypasses, stale components, and onboarding inconsistencies. - Includes step-by-step verification and configuration guidance for release-readiness. - Offers tooling-agnostic scans and best practices for tier, auth, and pricing handling. - Adaptable for Vue, Svelte, Next.js, React Native, and monorepos.
Metadata
Slug dashboard-pre-flight
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Pre-flight?

Universal React dashboard audit — detect hardcoded values, tier bypasses, stale components, and onboarding inconsistencies before users see them. It is an AI Agent Skill for Claude Code / OpenClaw, with 41 downloads so far.

How do I install Pre-flight?

Run "/install dashboard-pre-flight" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pre-flight free?

Yes, Pre-flight is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Pre-flight support?

Pre-flight is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Pre-flight?

It is built and maintained by Tooled-app (@tooled-app); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments