← Back to Skills Marketplace
dylanb

Axe DevTools

by dylanb · GitHub ↗ · v4.0.0
cross-platform ⚠ suspicious
1170
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install axe-devtools
Description
Accessibility testing and remediation using the axe MCP Server. Use when creating or modifying UI code (HTML, JSX, TSX, Vue, Svelte, CSS) to ensure accessibility compliance. Triggers on tasks involving web pages, components, forms, navigation, modals, tables, images, or any user-facing markup. Also use when explicitly asked to check accessibility or run an axe scan.
README (SKILL.md)

axe Accessibility Skill

Test web pages for accessibility violations and get AI-powered remediation guidance using the axe DevTools MCP Server.

Prerequisites

  • Docker running locally
  • AXE_API_KEY environment variable set
  • Docker image pulled: dequesystems/axe-mcp-server:latest

Tools

The wrapper script at scripts/axe-mcp.js (Node.js — no extra dependencies) provides two tools:

analyze

Scan a live web page for accessibility violations. Requires a URL (works with localhost).

node scripts/axe-mcp.js analyze \x3Curl>

Returns JSON-RPC response. The violations are in result.content[0].text (JSON string) under the data array. Each violation has: rule, impact, description, selector, source, helpUrl.

remediate

Get AI-powered fix guidance for a specific violation. Handles HTML with quotes/brackets safely.

node scripts/axe-mcp.js remediate \x3CruleId> \x3CelementHtml> \x3CissueRemediation> [pageUrl]

Returns general_description, remediation, and code_fix in result.content[0].text.

tools-list

List available MCP tools.

node scripts/axe-mcp.js tools-list

Workflow

When modifying UI code and a live page is available:

  1. Analyzenode scripts/axe-mcp.js analyze \x3Curl>
  2. Parse — extract violations from the JSON response
  3. Remediate — for each unique rule violation, call remediate with ruleId, element HTML, and issue description
  4. Apply — implement the recommended code fixes in source
  5. Verify — re-run analyze to confirm zero violations

When no live page is available (static code review), apply accessibility best practices directly:

  • Images: alt text (or alt="" for decorative)
  • Forms: inputs need associated \x3Clabel> elements
  • Interactive elements: keyboard accessible, visible focus
  • Color contrast: WCAG AA (4.5:1 normal text, 3:1 large text)
  • ARIA: valid, complete, not redundant with native semantics
  • Headings: proper hierarchy (h1 → h2 → h3)
  • Dynamic content: focus management for modals, SPAs, live regions

Notes

  • Each remediate call uses AI credits from your organization's allocation
  • The analyze tool spins up a real browser in Docker — allow ~30s for results
  • Works with localhost URLs for local development testing

Note: Requires a paid Axe DevTools for Web subscription.

Support

For technical support, bug reports, and feature requests:

Pricing & Sales

About Deque

Deque Systems is the trusted leader in digital accessibility.

Usage Guidance
Things to consider before installing or running this skill: - Metadata inconsistencies: the registry record claims no required env vars or binaries, but the SKILL.md and scripts require AXE_API_KEY and Docker. Treat the metadata as inaccurate until corrected. - Secret handling: the script passes AXE_API_KEY into a Docker container (dequesystems/axe-mcp-server). That exposes the key to whatever code is in that image. Only proceed if you trust the image owner, or prefer to run a vetted/pinned image digest under your control. - Image provenance: the skill uses the :latest tag. Prefer pulling a specific, signed/digested image (or host it in your private registry) to avoid unexpected updates or supply-chain changes. - Optional endpoint: AXE_SERVER_URL can redirect the tool to a custom server — ensure you control or trust that endpoint. - Minimal code review: the wrapper script is short and readable; it only spawns docker and forwards JSON-RPC. If you plan to use it, review or run it in an isolated environment first. - Billing/credits: SKILL.md notes remediate uses AI credits — confirm costs and data sent to the service. If you want to proceed safely: ask the publisher to update metadata to declare AXE_API_KEY and docker as requirements, request they pin the Docker image (digest), or run the MCP server yourself and set AXE_SERVER_URL to point to your controlled instance. If you cannot verify the image or need to protect secrets, do not provide a production AXE_API_KEY to this skill.
Capability Analysis
Type: OpenClaw Skill Name: axe-devtools Version: 4.0.0 The skill is classified as suspicious due to its reliance on executing `docker run` via `child_process.spawn` in `scripts/axe-mcp.js`. While the script uses a legitimate Docker image (`dequesystems/axe-mcp-server:latest`) and passes arguments safely via JSON, the direct execution of Docker commands is a high-privilege operation. The script also passes `AXE_API_KEY` and potentially `AXE_SERVER_URL` as environment variables to the container. This creates a significant attack surface: a prompt injection against the agent could manipulate these environment variables (e.g., redirecting `AXE_SERVER_URL` to a malicious server) or potentially alter the Docker command itself, leading to unauthorized execution or data exfiltration, even though the current implementation shows no malicious intent.
Capability Assessment
Purpose & Capability
The skill's name/description align with the included code and SKILL.md: it calls an axe MCP server to analyze and remediate accessibility issues. However the registry metadata claims no required env vars or binaries while both the README and the script require AXE_API_KEY and Docker (the script spawns `docker run`). This metadata mismatch is an inconsistency.
Instruction Scope
SKILL.md and the wrapper script limit runtime actions to launching a Docker container for the MCP server and sending JSON-RPC commands (analyze/remediate/tools-list). The instructions do not ask to read unrelated files or exfiltrate local data. Note: the skill will pass AXE_API_KEY into the container and honors an optional AXE_SERVER_URL env var (which could point the workload to a custom server).
Install Mechanism
There is no install spec (instruction-only), which is low risk. Runtime behavior will pull/run the Docker image dequesystems/axe-mcp-server:latest. That image is the expected vendor image, but pulling an image at runtime (and using the unpinned :latest tag) has provenance risks — you should trust or pin the image digest before use.
Credentials
The code and SKILL.md require AXE_API_KEY (and optionally AXE_SERVER_URL) but the registry metadata lists no required env vars. The script injects AXE_API_KEY into a third-party container environment, which is normal for API access but means your secret is handed to that image; ensure the image is trusted and the key is least-privilege. Additionally, the script expects the docker binary to exist but metadata doesn't declare required binaries.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not alter other skill or system configs. It runs on-demand and uses Docker with --rm, so it does not leave persistent processes per the code shown.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install axe-devtools
  3. After installation, invoke the skill by name or use /axe-devtools
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.0.0
**Major update: Rebranded and expanded skill for axe accessibility testing** - Renamed skill to "axe-accessibility" and updated description for clarity. - Now leverages the axe MCP Server for automated accessibility scans and AI-powered remediation. - Added detailed prerequisites (Docker, API key) and usage instructions for new tools: analyze, remediate, and tools-list. - Introduced a step-by-step workflow for integrating accessibility testing into UI development. - Included static review best practices for code without a live preview. - Provided updated support, pricing, and company information.
Metadata
Slug axe-devtools
Version 4.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Axe DevTools?

Accessibility testing and remediation using the axe MCP Server. Use when creating or modifying UI code (HTML, JSX, TSX, Vue, Svelte, CSS) to ensure accessibility compliance. Triggers on tasks involving web pages, components, forms, navigation, modals, tables, images, or any user-facing markup. Also use when explicitly asked to check accessibility or run an axe scan. It is an AI Agent Skill for Claude Code / OpenClaw, with 1170 downloads so far.

How do I install Axe DevTools?

Run "/install axe-devtools" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Axe DevTools free?

Yes, Axe DevTools is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Axe DevTools support?

Axe DevTools is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Axe DevTools?

It is built and maintained by dylanb (@dylanb); the current version is v4.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments