← Back to Skills Marketplace
huamu668

Web Quality Audit

by huamu668 · GitHub ↗ · v2.0.0
cross-platform ⚠ suspicious
335
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install web-quality-audit-ecc
Description
Comprehensive web quality audit covering performance, accessibility, SEO, best practices, and browser automation testing. Supports automated testing with Pin...
Usage Guidance
This skill contains a small, harmless HTML static-check script and a detailed audit spec, but it also claims browser automation (PinchTab) and 'token-efficient' extraction without providing code or install/credential requirements for those features. Before installing or using: 1) Ask the publisher to explain/attach the PinchTab integration and provide an install spec or clarify that browser automation is optional. 2) Be cautious when supplying a project: the skill's instructions ask for full source output, which will include secrets (API keys, tokens) if they exist — remove or redact secrets first. 3) If the skill will run automation that needs tokens, require explicit declaration of which env vars or credentials are needed and why. 4) Test the skill in a sandbox environment with non-sensitive sample projects. 5) Monitor outputs for unexpected exfiltration (unknown endpoints or tokens). If the author cannot justify the missing install/credential details for the advertised browser automation, treat the feature as untrusted or incomplete.
Capability Analysis
Type: OpenClaw Skill Name: web-quality-audit-ecc Version: 2.0.0 The skill bundle provides a web quality audit framework that includes a benign static analysis script (scripts/analyze.sh) but features high-risk instructions in SKILL.md. It directs the agent to install an unverified third-party tool (PinchTab) using a 'curl | bash' command from pinchtab.com, which is a classic vector for remote code execution. While the documentation is detailed and lacks explicit evidence of malicious intent like data exfiltration, the reliance on unverified external binaries and the future-dated metadata in _meta.json warrant a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description (web quality audit with browser automation) mostly matches the included static analyzer (scripts/analyze.sh) and the Lighthouse-style guidance. However, the SKILL.md repeatedly advertises browser automation with PinchTab and 'token-efficient content extraction' while the package has no install spec, no glue code, and no PinchTab integration. That claimed capability is not implemented in the provided files, which is an incoherence: either the skill is incomplete or it expects runtime access to external tooling that isn't declared.
Instruction Scope
SKILL.md instructs the agent to analyze projects and to include 'Full source of all included files' in the audit output. That is appropriate for a code audit but it explicitly directs the agent to collect and output entire file contents, which can include sensitive secrets or private data. The actual analyze.sh implements lightweight static HTML checks (doctype, charset, viewport, lang, img alt, title, http links) and outputs a JSON with issues/warnings — it does not perform browser automation or network calls. The instruction to validate with PinchTab is not reflected in the script.
Install Mechanism
There is no install spec (instruction-only plus a small script), so nothing is written to disk beyond the provided files — low installation risk. However, because the SKILL.md references browser automation (PinchTab) and multi-instance orchestration but provides no guidance on installing or authorizing that tooling, this is inconsistent and may lead implementers to run ad-hoc installs or fetch external tools at runtime.
Credentials
The manifest declares no required environment variables or credentials, which aligns with the provided static script. But SKILL.md's language about 'token-efficient content extraction' and PinchTab (which typically requires tokens or drivers) suggests omitted credential requirements. The absence of declared env vars while advertising token-based automation is a mismatch and could hide later requests for tokens or credentials if the skill were extended.
Persistence & Privilege
The skill does not request always:true, does not declare system config changes, and is user-invocable only. It does not appear to request persistent privileges or to modify other skills' configurations.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install web-quality-audit-ecc
  3. After installation, invoke the skill by name or use /web-quality-audit-ecc
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Version 2.0.0 — Major update introducing browser automation and expanded audit functionality. - Adds browser automation testing using PinchTab for real-world validation during audits. - Expands audit scope: now covers 150+ checks for performance, accessibility, SEO, and best practices. - Provides clearer severity levels and actionable, categorized recommendations (with code examples). - Introduces structured audit output format and quick deployment/review checklists. - Includes detailed documentation for PinchTab setup and integration with audits. - Improves guidance on Core Web Vitals, accessibility, and technical SEO requirements.
Metadata
Slug web-quality-audit-ecc
Version 2.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Web Quality Audit?

Comprehensive web quality audit covering performance, accessibility, SEO, best practices, and browser automation testing. Supports automated testing with Pin... It is an AI Agent Skill for Claude Code / OpenClaw, with 335 downloads so far.

How do I install Web Quality Audit?

Run "/install web-quality-audit-ecc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Web Quality Audit free?

Yes, Web Quality Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Web Quality Audit support?

Web Quality Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Web Quality Audit?

It is built and maintained by huamu668 (@huamu668); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments