← 返回 Skills 市场
dylanb

Axe DevTools

作者 dylanb · GitHub ↗ · v4.0.0
cross-platform ⚠ suspicious
1170
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install axe-devtools
功能描述
Accessibility testing and remediation using the axe MCP Server. Use when creating or modifying UI code (HTML, JSX, TSX, Vue, Svelte, CSS) to ensure accessibility compliance. Triggers on tasks involving web pages, components, forms, navigation, modals, tables, images, or any user-facing markup. Also use when explicitly asked to check accessibility or run an axe scan.
使用说明 (SKILL.md)

axe Accessibility Skill

Test web pages for accessibility violations and get AI-powered remediation guidance using the axe DevTools MCP Server.

Prerequisites

  • Docker running locally
  • AXE_API_KEY environment variable set
  • Docker image pulled: dequesystems/axe-mcp-server:latest

Tools

The wrapper script at scripts/axe-mcp.js (Node.js — no extra dependencies) provides two tools:

analyze

Scan a live web page for accessibility violations. Requires a URL (works with localhost).

node scripts/axe-mcp.js analyze \x3Curl>

Returns JSON-RPC response. The violations are in result.content[0].text (JSON string) under the data array. Each violation has: rule, impact, description, selector, source, helpUrl.

remediate

Get AI-powered fix guidance for a specific violation. Handles HTML with quotes/brackets safely.

node scripts/axe-mcp.js remediate \x3CruleId> \x3CelementHtml> \x3CissueRemediation> [pageUrl]

Returns general_description, remediation, and code_fix in result.content[0].text.

tools-list

List available MCP tools.

node scripts/axe-mcp.js tools-list

Workflow

When modifying UI code and a live page is available:

  1. Analyzenode scripts/axe-mcp.js analyze \x3Curl>
  2. Parse — extract violations from the JSON response
  3. Remediate — for each unique rule violation, call remediate with ruleId, element HTML, and issue description
  4. Apply — implement the recommended code fixes in source
  5. Verify — re-run analyze to confirm zero violations

When no live page is available (static code review), apply accessibility best practices directly:

  • Images: alt text (or alt="" for decorative)
  • Forms: inputs need associated \x3Clabel> elements
  • Interactive elements: keyboard accessible, visible focus
  • Color contrast: WCAG AA (4.5:1 normal text, 3:1 large text)
  • ARIA: valid, complete, not redundant with native semantics
  • Headings: proper hierarchy (h1 → h2 → h3)
  • Dynamic content: focus management for modals, SPAs, live regions

Notes

  • Each remediate call uses AI credits from your organization's allocation
  • The analyze tool spins up a real browser in Docker — allow ~30s for results
  • Works with localhost URLs for local development testing

Note: Requires a paid Axe DevTools for Web subscription.

Support

For technical support, bug reports, and feature requests:

Pricing & Sales

About Deque

Deque Systems is the trusted leader in digital accessibility.

安全使用建议
Things to consider before installing or running this skill: - Metadata inconsistencies: the registry record claims no required env vars or binaries, but the SKILL.md and scripts require AXE_API_KEY and Docker. Treat the metadata as inaccurate until corrected. - Secret handling: the script passes AXE_API_KEY into a Docker container (dequesystems/axe-mcp-server). That exposes the key to whatever code is in that image. Only proceed if you trust the image owner, or prefer to run a vetted/pinned image digest under your control. - Image provenance: the skill uses the :latest tag. Prefer pulling a specific, signed/digested image (or host it in your private registry) to avoid unexpected updates or supply-chain changes. - Optional endpoint: AXE_SERVER_URL can redirect the tool to a custom server — ensure you control or trust that endpoint. - Minimal code review: the wrapper script is short and readable; it only spawns docker and forwards JSON-RPC. If you plan to use it, review or run it in an isolated environment first. - Billing/credits: SKILL.md notes remediate uses AI credits — confirm costs and data sent to the service. If you want to proceed safely: ask the publisher to update metadata to declare AXE_API_KEY and docker as requirements, request they pin the Docker image (digest), or run the MCP server yourself and set AXE_SERVER_URL to point to your controlled instance. If you cannot verify the image or need to protect secrets, do not provide a production AXE_API_KEY to this skill.
功能分析
Type: OpenClaw Skill Name: axe-devtools Version: 4.0.0 The skill is classified as suspicious due to its reliance on executing `docker run` via `child_process.spawn` in `scripts/axe-mcp.js`. While the script uses a legitimate Docker image (`dequesystems/axe-mcp-server:latest`) and passes arguments safely via JSON, the direct execution of Docker commands is a high-privilege operation. The script also passes `AXE_API_KEY` and potentially `AXE_SERVER_URL` as environment variables to the container. This creates a significant attack surface: a prompt injection against the agent could manipulate these environment variables (e.g., redirecting `AXE_SERVER_URL` to a malicious server) or potentially alter the Docker command itself, leading to unauthorized execution or data exfiltration, even though the current implementation shows no malicious intent.
能力评估
Purpose & Capability
The skill's name/description align with the included code and SKILL.md: it calls an axe MCP server to analyze and remediate accessibility issues. However the registry metadata claims no required env vars or binaries while both the README and the script require AXE_API_KEY and Docker (the script spawns `docker run`). This metadata mismatch is an inconsistency.
Instruction Scope
SKILL.md and the wrapper script limit runtime actions to launching a Docker container for the MCP server and sending JSON-RPC commands (analyze/remediate/tools-list). The instructions do not ask to read unrelated files or exfiltrate local data. Note: the skill will pass AXE_API_KEY into the container and honors an optional AXE_SERVER_URL env var (which could point the workload to a custom server).
Install Mechanism
There is no install spec (instruction-only), which is low risk. Runtime behavior will pull/run the Docker image dequesystems/axe-mcp-server:latest. That image is the expected vendor image, but pulling an image at runtime (and using the unpinned :latest tag) has provenance risks — you should trust or pin the image digest before use.
Credentials
The code and SKILL.md require AXE_API_KEY (and optionally AXE_SERVER_URL) but the registry metadata lists no required env vars. The script injects AXE_API_KEY into a third-party container environment, which is normal for API access but means your secret is handed to that image; ensure the image is trusted and the key is least-privilege. Additionally, the script expects the docker binary to exist but metadata doesn't declare required binaries.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not alter other skill or system configs. It runs on-demand and uses Docker with --rm, so it does not leave persistent processes per the code shown.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install axe-devtools
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /axe-devtools 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v4.0.0
**Major update: Rebranded and expanded skill for axe accessibility testing** - Renamed skill to "axe-accessibility" and updated description for clarity. - Now leverages the axe MCP Server for automated accessibility scans and AI-powered remediation. - Added detailed prerequisites (Docker, API key) and usage instructions for new tools: analyze, remediate, and tools-list. - Introduced a step-by-step workflow for integrating accessibility testing into UI development. - Included static review best practices for code without a live preview. - Provided updated support, pricing, and company information.
元数据
Slug axe-devtools
版本 4.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Axe DevTools 是什么?

Accessibility testing and remediation using the axe MCP Server. Use when creating or modifying UI code (HTML, JSX, TSX, Vue, Svelte, CSS) to ensure accessibility compliance. Triggers on tasks involving web pages, components, forms, navigation, modals, tables, images, or any user-facing markup. Also use when explicitly asked to check accessibility or run an axe scan. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1170 次。

如何安装 Axe DevTools?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install axe-devtools」即可一键安装,无需额外配置。

Axe DevTools 是免费的吗?

是的,Axe DevTools 完全免费(开源免费),可自由下载、安装和使用。

Axe DevTools 支持哪些平台?

Axe DevTools 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Axe DevTools?

由 dylanb(@dylanb)开发并维护,当前版本 v4.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论