Web Performance Engine
v1.0.0Performs comprehensive web performance audits, diagnoses bottlenecks, and provides targeted fixes for server, rendering, hero element, JavaScript, and layout...
⭐ 1· 681·1 current·1 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (web performance audits + fixes) match the SKILL.md content: audit checklists, decision trees, and playbooks. It does not request unrelated binaries, credentials, or config paths and does not attempt to perform capabilities outside performance analysis and remediation guidance.
Instruction Scope
Runtime instructions are limited to site audits (curl checks, inspecting <head>, using web-based tools like pagespeed.web.dev, Lighthouse/WebPageTest when available) and remediation steps. The skill does not instruct reading arbitrary local files or environment variables, nor does it instruct exfiltrating data to unknown endpoints. Note: it assumes the agent can make network requests to the target URL and public audit tools.
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk from an installation perspective because nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required env vars, no credentials, and no config paths. The checks and playbooks do not require secrets; this is proportionate to a performance-audit methodology.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or permission to modify other skills or global agent settings. It is user-invocable and can be invoked autonomously (platform default), which is expected for a skill of this type.
Assessment
This skill is essentially a standalone methodology/playbook and appears internally consistent and low-risk: it asks for no credentials and installs nothing. Before using it, consider: (1) the skill will instruct the agent to fetch target URLs and call public audit services (these requests will appear in access logs), so only audit sites you own or have permission to test; (2) many remediation steps involve changing server configuration — apply changes in staging and review suggested config snippets before deploying; (3) the skill's source is unknown and README contains marketing links (paid 'context packs'), so treat external links and downloads from those pages as you would any third-party site; (4) if you do not want the agent to run shell commands (curl/grep) or make network requests, restrict those capabilities in your agent runtime. Overall the skill is coherent with its purpose and does not exhibit red flags for credential access or hidden behavior.Like a lobster shell, security has layers — review code before you run it.
core-web-vitalsvk97d2pj350jpgwgmpj6m8k2x8d81etf9latestvk97d2pj350jpgwgmpj6m8k2x8d81etf9performancevk97d2pj350jpgwgmpj6m8k2x8d81etf9seovk97d2pj350jpgwgmpj6m8k2x8d81etf9speedvk97d2pj350jpgwgmpj6m8k2x8d81etf9webvk97d2pj350jpgwgmpj6m8k2x8d81etf9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.