← 返回 Skills 市场
335
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install web-quality-audit-ecc
功能描述
Comprehensive web quality audit covering performance, accessibility, SEO, best practices, and browser automation testing. Supports automated testing with Pin...
安全使用建议
This skill contains a small, harmless HTML static-check script and a detailed audit spec, but it also claims browser automation (PinchTab) and 'token-efficient' extraction without providing code or install/credential requirements for those features. Before installing or using: 1) Ask the publisher to explain/attach the PinchTab integration and provide an install spec or clarify that browser automation is optional. 2) Be cautious when supplying a project: the skill's instructions ask for full source output, which will include secrets (API keys, tokens) if they exist — remove or redact secrets first. 3) If the skill will run automation that needs tokens, require explicit declaration of which env vars or credentials are needed and why. 4) Test the skill in a sandbox environment with non-sensitive sample projects. 5) Monitor outputs for unexpected exfiltration (unknown endpoints or tokens). If the author cannot justify the missing install/credential details for the advertised browser automation, treat the feature as untrusted or incomplete.
功能分析
Type: OpenClaw Skill
Name: web-quality-audit-ecc
Version: 2.0.0
The skill bundle provides a web quality audit framework that includes a benign static analysis script (scripts/analyze.sh) but features high-risk instructions in SKILL.md. It directs the agent to install an unverified third-party tool (PinchTab) using a 'curl | bash' command from pinchtab.com, which is a classic vector for remote code execution. While the documentation is detailed and lacks explicit evidence of malicious intent like data exfiltration, the reliance on unverified external binaries and the future-dated metadata in _meta.json warrant a suspicious classification.
能力评估
Purpose & Capability
The name/description (web quality audit with browser automation) mostly matches the included static analyzer (scripts/analyze.sh) and the Lighthouse-style guidance. However, the SKILL.md repeatedly advertises browser automation with PinchTab and 'token-efficient content extraction' while the package has no install spec, no glue code, and no PinchTab integration. That claimed capability is not implemented in the provided files, which is an incoherence: either the skill is incomplete or it expects runtime access to external tooling that isn't declared.
Instruction Scope
SKILL.md instructs the agent to analyze projects and to include 'Full source of all included files' in the audit output. That is appropriate for a code audit but it explicitly directs the agent to collect and output entire file contents, which can include sensitive secrets or private data. The actual analyze.sh implements lightweight static HTML checks (doctype, charset, viewport, lang, img alt, title, http links) and outputs a JSON with issues/warnings — it does not perform browser automation or network calls. The instruction to validate with PinchTab is not reflected in the script.
Install Mechanism
There is no install spec (instruction-only plus a small script), so nothing is written to disk beyond the provided files — low installation risk. However, because the SKILL.md references browser automation (PinchTab) and multi-instance orchestration but provides no guidance on installing or authorizing that tooling, this is inconsistent and may lead implementers to run ad-hoc installs or fetch external tools at runtime.
Credentials
The manifest declares no required environment variables or credentials, which aligns with the provided static script. But SKILL.md's language about 'token-efficient content extraction' and PinchTab (which typically requires tokens or drivers) suggests omitted credential requirements. The absence of declared env vars while advertising token-based automation is a mismatch and could hide later requests for tokens or credentials if the skill were extended.
Persistence & Privilege
The skill does not request always:true, does not declare system config changes, and is user-invocable only. It does not appear to request persistent privileges or to modify other skills' configurations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install web-quality-audit-ecc - 安装完成后,直接呼叫该 Skill 的名称或使用
/web-quality-audit-ecc触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Version 2.0.0 — Major update introducing browser automation and expanded audit functionality.
- Adds browser automation testing using PinchTab for real-world validation during audits.
- Expands audit scope: now covers 150+ checks for performance, accessibility, SEO, and best practices.
- Provides clearer severity levels and actionable, categorized recommendations (with code examples).
- Introduces structured audit output format and quick deployment/review checklists.
- Includes detailed documentation for PinchTab setup and integration with audits.
- Improves guidance on Core Web Vitals, accessibility, and technical SEO requirements.
元数据
常见问题
Web Quality Audit 是什么?
Comprehensive web quality audit covering performance, accessibility, SEO, best practices, and browser automation testing. Supports automated testing with Pin... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 335 次。
如何安装 Web Quality Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install web-quality-audit-ecc」即可一键安装,无需额外配置。
Web Quality Audit 是免费的吗?
是的,Web Quality Audit 完全免费(开源免费),可自由下载、安装和使用。
Web Quality Audit 支持哪些平台?
Web Quality Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Web Quality Audit?
由 huamu668(@huamu668)开发并维护,当前版本 v2.0.0。
推荐 Skills