← Back to Skills Marketplace
maverick-software

Website Auditor

by maverick-software · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
413
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install website-auditor
Description
Audit any website across 8 quality signals to determine if it is outdated, broken, or neglected. Returns a structured audit dict used by the lead-scorer skill.
Usage Guidance
This skill appears to implement a reasonable website auditor, but there are a few practical and privacy issues you should resolve before installing: - Metadata mismatch: SKILL.md declares a required environment variable (PAGESPEED_API_KEY) and lists Python packages, yet the registry entry lists no required env or install steps. Ask the publisher to correct the registry metadata or provide a clear install spec so you know what the skill needs and why. - Dependencies: The skill imports non-standard Python packages (Wappalyzer, python-whois, lxml). If your agent environment doesn't already have these, the skill will fail. Prefer an install spec (pip/packaging) or run the skill in a sandboxed environment. - Raw HTML disclosure: The skill returns raw_html and documents it will be consumed by another skill. That can leak sensitive content (forms, tokens in page markup, private data). Confirm how downstream skills handle that data and whether you are comfortable with the coupling. - Credential handling: Only provide a PAGESPEED_API_KEY if you trust the skill. The key is appropriate for the feature, but the registry mismatch means the platform may not prompt you to supply it. - Network activity: The skill performs active network probes (HTTP fetches, SSL cert checks, whois, third-party API calls). If you need to limit outbound network access, run this skill in a restricted/sandboxed context. If you cannot get clarification from the publisher, consider treating the skill as untrusted: run it in an isolated environment, do not supply privileged credentials, and audit any downstream consumers that will receive raw_html.
Capability Analysis
Type: OpenClaw Skill Name: website-auditor Version: 1.0.0 The skill's stated purpose is to audit websites, and its core functionality aligns with this. However, the `audit_website_async` function in `SKILL.md` uses `aiohttp.TCPConnector(ssl=False)` when fetching website content. This disables SSL certificate verification for the underlying connection, making the client vulnerable to Man-in-the-Middle attacks during the initial data fetch. While a separate `check_ssl` function attempts to verify the target site's SSL, the `raw_html` and headers could be compromised during the `aiohttp` request, representing a critical security vulnerability rather than intentional malicious behavior.
Capability Assessment
Purpose & Capability
The declared runtime actions (HTTP checks, Wappalyzer tech detection, PageSpeed API, whois/SSL checks) are coherent with a website audit. However the skill's SKILL.md metadata lists required packages and an environment variable (PAGESPEED_API_KEY) while the registry entry shows no required env vars or install steps — that's an inconsistency that could cause the skill to fail or hide needed permissions.
Instruction Scope
Instructions stay within the stated purpose (fetch page, analyze HTML/headers, detect tech, query PageSpeed). Two things to flag: (1) the skill returns raw_html in the output and explicitly notes it's used by another skill (contact-enrichment), which means page content may be forwarded to other components — a privacy/exfiltration risk depending on downstream handling; (2) the SKILL.md contains network/socket operations (requests, Wappalyzer, whois, SSL checks) which are expected but should be understood as active network probes.
Install Mechanism
This is instruction-only with no install spec. SKILL.md lists Python packages (requests, beautifulsoup4, lxml, python-Wappalyzer, python-whois) but there is no platform-level install instruction. That means the runtime must already provide these packages or the skill will fail. Absence of an install spec is a practical/operational risk and increases likelihood of silent failures.
Credentials
The only credential referenced in SKILL.md is PAGESPEED_API_KEY, which is proportionate for calling Google PageSpeed API. The registry metadata, however, does not declare this required env var — the mismatch is concerning because users/platforms won't be warned to supply the key, and the skill may behave differently if the key isn't present.
Persistence & Privilege
No elevated persistence requested (always:false). The skill is user-invocable and can be invoked autonomously (platform default) but it does not request system-level config changes or cross-skill configuration edits in the provided instructions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install website-auditor
  3. After installation, invoke the skill by name or use /website-auditor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Audits websites across all 8 quality signals: HTTP status, copyright year, Last-Modified header, Wappalyzer tech stack, Google PageSpeed score, mobile responsiveness, SSL certificate, and design age signals. Async batch support included.
Metadata
Slug website-auditor
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Website Auditor?

Audit any website across 8 quality signals to determine if it is outdated, broken, or neglected. Returns a structured audit dict used by the lead-scorer skill. It is an AI Agent Skill for Claude Code / OpenClaw, with 413 downloads so far.

How do I install Website Auditor?

Run "/install website-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Website Auditor free?

Yes, Website Auditor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Website Auditor support?

Website Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Website Auditor?

It is built and maintained by maverick-software (@maverick-software); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments