ClawHub

accesslint

v1.0.2

Web accessibility & WCAG compliance scanner — detects WCAG 2.1 violations, missing ARIA attributes, color contrast issues, keyboard navigation problems, and...

0· 90·0 current·0 all-time
by@suhteevah

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for suhteevah/accesslint.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "accesslint" (suhteevah/accesslint) from ClawHub.
Skill page: https://clawhub.ai/suhteevah/accesslint
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: git, bash, python3, jq
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install accesslint

ClawHub CLI

Package manager switcher

npx clawhub@latest install accesslint
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (WCAG/static template scanning) align with what the skill installs and runs: it contains pattern definitions, an analyzer, and a CLI entrypoint. The declared primary credential (ACCESSLINT_LICENSE_KEY) matches the license checks in license.sh. The brew install lefthook makes sense for the pre-commit hook feature.
Instruction Scope
SKILL.md and the scripts instruct the agent to run local shell scripts that scan files, generate reports, and optionally install git hooks. The runtime code reads ~/.openclaw/openclaw.json (to obtain an apiKey) and may read ACCESSLINT_LICENSE_KEY and optional ACCESSLINT_SKILL_DIR; otherwise it performs local filesystem scanning (find/grep) and pattern matching. There are no instructions to send data to external endpoints or to read unrelated system secrets.
Install Mechanism
Install spec only requests the lefthook Homebrew formula (a common git-hooks manager). The skill's code is included in the package (scripts/*.sh, patterns.sh), so nothing is being fetched from arbitrary URLs at install-time. This is a low-risk, expected install mechanism for the described feature.
Credentials
The only required credential is ACCESSLINT_LICENSE_KEY (primaryEnv), which is appropriate for tiered features. The code also optionally reads ~/.openclaw/openclaw.json (declared in SKILL.md) and will consult environment variables like ACCESSLINT_SKILL_DIR and CLAWHUB_JWT_SECRET if present — these are reasonable for configuration/license verification but are not listed as required env vars in the registry metadata. No unrelated cloud credentials or broad secrets are requested.
Persistence & Privilege
The skill does not request always:true. Hooks install will modify the repository's lefthook.yml and run lefthook install (expected for a pre-commit integration). Note: installed pre-commit hooks execute on each commit and will source the skill's scripts from ACCESSLINT_SKILL_DIR (default ~/.openclaw/skills/accesslint), so ensure that path is trusted and not writable by untrusted users.
Assessment
This skill appears to be what it claims: a local, regex-based accessibility scanner with optional paid features gated by a license key. Before installing: 1) Confirm you trust the skill source and that the installation path (default ~/.openclaw/skills/accesslint or ACCESSLINT_SKILL_DIR) is secure — git hooks will source scripts from that location on every commit. 2) Expect the tool to read ~/.openclaw/openclaw.json or ACCESSLINT_LICENSE_KEY for license info; if you keep sensitive keys in that config, be aware the skill will read them (only to validate license). 3) The installer asks you to brew install lefthook and requires standard CLI tools (git, bash, grep, find, python3/jq optional). 4) There is no evidence of network exfiltration or calls to external services in the provided scripts. If you need higher assurance, review the shipped scripts (patterns.sh, analyzer.sh, license.sh) yourself and verify that ACCESSLINT_SKILL_DIR is not writable by other users on your system.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
OSmacOS · Linux · Windows
Binsgit, bash, python3, jq
Primary envACCESSLINT_LICENSE_KEY

Install

Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook
latestvk97e6ekhxk2nkh5evk6ttp4yzn84vp1m
90downloads
0stars
3versions
Updated 1w ago
v1.0.2
MIT-0
macOS, Linux, Windows
@suhteevah
latest
Download

AccessLint — Web Accessibility & WCAG Compliance Scanner

AccessLint scans codebases for WCAG 2.1 violations, missing ARIA attributes, color contrast issues, keyboard navigation problems, form accessibility failures, and semantic HTML anti-patterns. It uses regex-based pattern matching against 95+ accessibility patterns across HTML, JSX, Vue, and Svelte templates. Lefthook integration for git hooks, markdown accessibility reports with WCAG success criterion mapping.

Commands

Free Tier (No license required)

accesslint scan [file|directory]

One-shot accessibility scan of files or directories.

How to execute:

bash "<SKILL_DIR>/scripts/accesslint.sh" scan [target]

What it does:

  1. Accepts a file path or directory (defaults to current directory)
  2. Auto-detects file type from extensions (HTML, JSX, TSX, Vue, Svelte)
  3. Finds all template/component files that contain markup
  4. Runs 95+ accessibility patterns against each file
  5. Calculates an accessibility score (0-100) per file and overall
  6. Outputs findings with: file, line number, check ID, severity, WCAG criterion, description, recommendation
  7. Exit code 0 if passing (score >= 70), exit code 1 if issues found
  8. Free tier limited to 5 files per scan

Example usage scenarios:

  • "Scan my code for accessibility issues" -> runs accesslint scan .
  • "Check this component for WCAG violations" -> runs accesslint scan src/components/Button.tsx
  • "Audit my templates for missing ARIA attributes" -> runs accesslint scan src/
  • "Are there any accessibility problems in my frontend?" -> runs accesslint scan .

Pro Tier ($19/user/month -- requires ACCESSLINT_LICENSE_KEY)

accesslint hooks install

Install git pre-commit hooks that scan staged files for accessibility issues before every commit.

How to execute:

bash "<SKILL_DIR>/scripts/accesslint.sh" hooks install

What it does:

  1. Validates Pro+ license
  2. Copies lefthook config to project root
  3. Installs lefthook pre-commit hook
  4. On every commit: scans all staged template files for accessibility violations, blocks commit if critical/high findings, shows remediation advice

accesslint hooks uninstall

Remove AccessLint git hooks.

bash "<SKILL_DIR>/scripts/accesslint.sh" hooks uninstall

accesslint report [directory]

Generate a markdown accessibility report with findings, severity breakdown, and WCAG criterion mapping.

bash "<SKILL_DIR>/scripts/accesslint.sh" report [directory]

What it does:

  1. Validates Pro+ license
  2. Runs full scan of the directory
  3. Generates a formatted markdown report from template
  4. Includes per-file breakdowns, accessibility scores, WCAG 2.1 success criterion references
  5. Output suitable for accessibility reviews and compliance audits

accesslint audit [directory]

Deep accessibility audit with component analysis and ARIA coverage checks.

bash "<SKILL_DIR>/scripts/accesslint.sh" audit [directory]

What it does:

  1. Validates Pro+ license
  2. Runs all 95+ patterns including framework-specific and dynamic content patterns
  3. Analyzes component-level accessibility coverage
  4. Reports ARIA attribute completeness across the codebase
  5. Provides heading hierarchy and landmark region analysis

Team Tier ($39/user/month -- requires ACCESSLINT_LICENSE_KEY with team tier)

accesslint policy [directory]

Enforce organization-specific accessibility policies on codebases.

bash "<SKILL_DIR>/scripts/accesslint.sh" policy [directory]

What it does:

  1. Validates Team+ license
  2. Loads custom policies from ~/.openclaw/openclaw.json (accesslint.config.customPolicies)
  3. Enforces organization-specific rules (e.g., required ARIA patterns, banned inaccessible patterns, mandatory alt text)
  4. Combines custom policies with built-in patterns for comprehensive scanning
  5. Outputs SARIF-compatible results

accesslint sarif [directory]

Generate SARIF JSON output for CI/CD integration.

bash "<SKILL_DIR>/scripts/accesslint.sh" sarif [directory]

What it does:

  1. Validates Team+ license
  2. Runs full scan of the directory
  3. Outputs findings in SARIF 2.1.0 JSON format
  4. Compatible with GitHub Code Scanning, Azure DevOps, and other SARIF consumers

accesslint wcag [directory]

Generate WCAG 2.1 AA/AAA compliance report.

bash "<SKILL_DIR>/scripts/accesslint.sh" wcag [directory]

What it does:

  1. Validates Team+ license
  2. Runs full scan with all patterns
  3. Maps findings to WCAG 2.1 success criteria (Level A, AA, AAA)
  4. Generates comprehensive compliance report with pass/fail per criterion
  5. Includes executive summary, detailed findings, and remediation roadmap

accesslint status

Show license and configuration information.

bash "<SKILL_DIR>/scripts/accesslint.sh" status

Detected Violations

AccessLint detects 95+ accessibility patterns across 6 categories:

CategoryExamplesSeverity
Missing ARIA & RolesImages without alt, buttons without accessible names, inputs without labels, icon-only buttons without aria-label, SVG without title/role, links with no text contentCritical/High
Semantic HTML Issuesdiv/span used as button/link, nested interactive elements, heading hierarchy violations, multiple h1 tags, missing lang attribute, missing document titleCritical/High
Keyboard NavigationClick handlers without keyboard equivalent, mouseOnly events, missing focus styles, tabindex misuse, focus traps without escapeHigh/Medium
Form AccessibilityInputs without associated labels, missing fieldset/legend, placeholder-only labels, required fields without aria-required, error messages not linkedCritical/High
Color & VisualColor-only information, potential low contrast patterns, missing prefers-reduced-motion, animations without motion preferenceHigh/Medium
Dynamic ContentLive regions without aria-live, loading states without announcements, modals without focus management, toast/notification without role=alertHigh/Medium

Configuration

Users can configure AccessLint in ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "accesslint": {
        "enabled": true,
        "apiKey": "YOUR_LICENSE_KEY_HERE",
        "config": {
          "severityThreshold": "high",
          "customPolicies": [],
          "excludePatterns": ["**/test/**", "**/examples/**", "**/storybook/**"],
          "wcagLevel": "AA",
          "reportFormat": "markdown"
        }
      }
    }
  }
}

Important Notes

  • Free tier works immediately with no configuration
  • All scanning happens locally -- no code is sent to external servers
  • License validation is offline -- no phone-home or network calls
  • Pattern matching only -- no AST parsing, no external dependencies
  • Supports scanning multiple template formats in a single pass
  • Git hooks use lefthook which must be installed (see install metadata above)
  • Exit codes: 0 = passing (score >= 70), 1 = issues found (for CI/CD integration)
  • Addresses WCAG 2.1 Level A, AA, and AAA success criteria

Error Handling

  • If lefthook is not installed and user tries hooks install, prompt to install it
  • If license key is invalid or expired, show clear message with link to https://accesslint.pages.dev/renew
  • If a file is binary, skip it automatically with no warning
  • If no scannable files found in target, report clean scan with info message
  • If file type cannot be determined from extension, skip the file gracefully

When to Use AccessLint

The user might say things like:

  • "Scan my code for accessibility issues"
  • "Check for WCAG violations in my frontend"
  • "Are there any missing ARIA attributes in my components?"
  • "Audit my templates for accessibility problems"
  • "Check if my forms have proper labels"
  • "Scan for keyboard navigation issues"
  • "Check my React components for a11y issues"
  • "Generate an accessibility report"
  • "Set up pre-commit hooks for accessibility"
  • "Check for missing alt text on images"
  • "Are there any heading hierarchy problems?"
  • "Scan for color contrast issues"
  • "Run WCAG compliance checks on my templates"

Comments

Loading comments...