ClawHub

Webperf Loading

v0.1.0

Intelligent loading performance analysis with automated workflows for TTFB investigation (DNS/connection/server breakdown), render-blocking detection, script...

0· 188·1 current·1 all-time
by@nucliweb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe loading/TTFB/render-blocking analysis and the package contains numerous browser-side JS snippets and an MCP-oriented SKILL.md that instructs the agent to evaluate those snippets in Chrome DevTools — this is coherent and expected.
Instruction Scope
SKILL.md explicitly instructs the agent to run scripts via mcp__chrome-devtools__evaluate_script and to capture results; scripts access only DOM, Performance API, history, and in a few cases fetch stylesheet text from page-linked URLs. They do not instruct reading local files, unrelated env vars, or posting data to unknown external endpoints.
Install Mechanism
Instruction-only skill (no install spec). Code files are JS snippets intended to run inside the browser via DevTools; nothing is downloaded or executed on the host outside the DevTools context.
Credentials
The skill declares no required environment variables, binaries, or credentials — consistent with browser-side DevTools snippets that operate on page state.
Persistence & Privilege
always:false and no install/persistence steps. Scripts sometimes register window functions (e.g., checkBfcache, getDataFn patterns) to expose tracked results, which is normal for tracking scripts and limited to the page context. The skill does not request system-wide privileges or modify other skills.
Assessment
This skill runs JavaScript inside Chrome DevTools to inspect page loading performance. Review the snippets if you want to ensure they only read page state (DOM, performance entries) — which they do. A few snippets use fetch to load stylesheet text from URLs referenced by the page (expected for CSS analysis). It will not request local credentials or install binaries, but it will run code inside your browser session and may expose results via window functions. If you plan to run it against sensitive production pages, consider testing on a non‑production copy first and review any snippets you plan to run manually. The repository and author are linked in SKILL.md (https://github.com/nucliweb/webperf-snippets); if you need higher assurance, inspect the specific scripts you intend to use.

Like a lobster shell, security has layers — review code before you run it.

latestvk975t6a6z279m1pyxpdyda52wx82qgjy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments