← 返回 Skills 市场
Pre-flight
作者
Tooled-app
· GitHub ↗
· v1.0.0
· MIT-0
41
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install dashboard-pre-flight
功能描述
Universal React dashboard audit — detect hardcoded values, tier bypasses, stale components, and onboarding inconsistencies before users see them.
使用说明 (SKILL.md)
Dashboard Audit Skill
Detect and fix anomalies in any React dashboard before they reach users.
When to Use
- Before any release or deployment
- After auth/tier/subscription changes
- When user reports UI inconsistencies
- Before declaring a feature complete
- When onboarding flow changes
- After integrating a new auth provider
Configuration
Set these at the top of your audit session:
PROJECT_SRC="./src" # Source directory
AUTH_PROVIDER="clerk" # clerk, auth0, firebase, etc.
TIER_PROP="userTier" # Prop name for subscription tier
MODE_STORAGE_KEY="terminal_mode" # localStorage key for mode preference
API_CONSTANT="API_URL" # Constant exported from api client
PRICING_TIERS="free,pro,team" # Comma-separated tier names
AUDIT_RUNS=1 # Number of times to run full audit (1-5)
Note: Set AUDIT_RUNS=2 or higher when:
- Fixing issues found in previous run
- First audit of a legacy codebase
- After major auth or tier refactoring
- Before production releases
Each run should produce zero new issues before proceeding.
Audit Checklist
1. Tier Handling Verification
grep -rn "publicMetadata\|userMetadata\|auth0User" "$PROJECT_SRC/pages/" "$PROJECT_SRC/components/"
- No component reads tier from auth provider metadata directly
- All components accept tier via prop from root/App
- Fallback to base tier only in prop default, never in display logic
2. Hardcoded Content Scan
grep -rn "[email protected]\|example.com\|localhost:3001\|placeholder\|TODO\|FIXME\|HACK" \
--include="*.jsx" --include="*.js" --include="*.tsx" --include="*.ts" "$PROJECT_SRC/"
- No placeholder emails in user-facing output
- No localhost/dev URLs in production code
- No TODO/FIXME/HACK comments (move to issues)
3. Mode/Preference Consistency
grep -rn "localStorage.getItem('$MODE_STORAGE_KEY')" "$PROJECT_SRC/"
- Base tier users default to restricted mode
- Paid tier users default to full mode
- Preference persists across sessions
- Propagates to backend for cross-device sync
4. Onboarding Flow Verification
grep -rn "curl -fsSL\|install.sh\|install.ps1\|iwr -useb\|brew install\|npm install -g" \
"$PROJECT_SRC/pages/Onboarding*" "$PROJECT_SRC/pages/onboarding*"
- No external install commands shown (if integrated)
- Integrated paths referenced instead of external
- Safety layers mentioned if required for full mode
- Example URLs use docs domain, not IP addresses
5. API URL Consistency
grep -rn "192\.168\.\|127\.0\.0\.1\|localhost:" \
--include="*.jsx" --include="*.js" --include="*.tsx" --include="*.ts" "$PROJECT_SRC/" | \
grep -v "$API_CONSTANT"
- All API calls use exported constant
- No hardcoded IPs in components
- Environment-based API switching configured
6. Pricing Consistency
IFS=',' read -ra TIERS \x3C\x3C\x3C "$PRICING_TIERS"
for tier in "${TIERS[@]}"; do
grep -rn "\\\$[0-9]*.*$tier\|$tier.*\\\$[0-9]*" "$PROJECT_SRC/pages/"
done
- No hardcoded prices in UI strings
- Prices fetched from backend or config
- Currency formatting consistent
7. Stale Component Cleanup
find "$PROJECT_SRC/components" -name "*.jsx" -o -name "*.tsx" | \
xargs grep -l "debug\|Debug\|wizard\|Wizard\|setup\|Setup" 2>/dev/null | \
grep -i "debug\|install\|setup\|wizard"
- No debug/login components in production build
- No deprecated install/setup wizards (if integrated)
- No mock/demo components in production
8. Auth Fallback Chain Verification
grep -rn "dev-bypass\|test-token\|mock-user\|fake-" \
--include="*.jsx" --include="*.js" --include="*.tsx" --include="*.ts" "$PROJECT_SRC/"
- No dev bypass tokens in production code
- Auth fallback chains end at "unauthenticated", not fake data
- Mock users cannot access real endpoints
Fixes Applied (Template)
| # | Issue | Location | Fix |
|---|---|---|---|
| 1 | |||
| 2 | |||
| 3 |
Verification Steps
- Start dev server:
npm run devoryarn dev - Clear browser storage for fresh user simulation
- Simulate new user signup with base tier
- Complete onboarding flow
- Simulate upgrade to paid tier
- Execute core workflow in full mode
- Verify no upgrade prompts for paid users
- Check all pages render without console errors
- Verify mobile responsiveness
- Run Lighthouse audit (target: 90+ all categories)
Prevention
- Run this audit before every PR merge
- Add CI check for hardcoded values (
greppatterns above) - Use constants for all URLs, prices, and tier names
- Never read tier from auth provider metadata in components — pass as prop
- Keep onboarding in sync with actual architecture
- Document auth fallback chain in README
Adaptation Notes
- Vue/Svelte: Change
--include="*.jsx"to--include="*.vue"or--include="*.svelte" - Next.js: Add
pages/andapp/directories to scan paths - React Native: Add check for Platform-specific code
- Monorepo: Run from each package directory separately
Related Skills
- release-checklist
- auth-integration-review
- onboarding-ux-audit
- security-hardening
Resources
- IKKF: https://ikkf.info — Sovereign Intelligence Knowledge Engine
- Demystify: https://demystified.website — Tech explainers and analysis
- Tooled: https://tooled.pro — Personal productivity platform
安全使用建议
This skill appears safe to install for guided dashboard audits. Before running its commands, set the PROJECT_SRC and related configuration values to the intended project paths so scans stay focused on the codebase you mean to review.
能力评估
Purpose & Capability
The stated purpose is to audit React dashboards for hardcoded values, auth/tier inconsistencies, onboarding issues, stale components, and release-readiness gaps; the artifact content matches that purpose.
Instruction Scope
Instructions are explicit and user-directed, centered on configurable grep/find checks, manual checklist review, and verification steps. No prompt-injection behavior, hidden instructions, or unrelated authority was found.
Install Mechanism
The package contains a single non-executable SKILL.md file, declares no dependencies or API-key requirement, and has clean static, dependency, VirusTotal, and SkillSpector signals.
Credentials
The requested local source scans and optional dev-server/browser verification are proportionate to a dashboard audit. Paths are configurable through PROJECT_SRC and related variables.
Persistence & Privilege
No persistence, background process, privilege escalation, credential/session-store access, destructive behavior, or external data exfiltration is present in the artifact.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install dashboard-pre-flight - 安装完成后,直接呼叫该 Skill 的名称或使用
/dashboard-pre-flight触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
dashboard-pre-flight 1.0.0 — Initial release
- Provides a universal audit checklist for React dashboards.
- Detects issues like hardcoded values, tier bypasses, stale components, and onboarding inconsistencies.
- Includes step-by-step verification and configuration guidance for release-readiness.
- Offers tooling-agnostic scans and best practices for tier, auth, and pricing handling.
- Adaptable for Vue, Svelte, Next.js, React Native, and monorepos.
元数据
常见问题
Pre-flight 是什么?
Universal React dashboard audit — detect hardcoded values, tier bypasses, stale components, and onboarding inconsistencies before users see them. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 41 次。
如何安装 Pre-flight?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install dashboard-pre-flight」即可一键安装,无需额外配置。
Pre-flight 是免费的吗?
是的,Pre-flight 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pre-flight 支持哪些平台?
Pre-flight 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pre-flight?
由 Tooled-app(@tooled-app)开发并维护,当前版本 v1.0.0。
推荐 Skills