Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Axe DevTools
v4.0.0Accessibility testing and remediation using the axe MCP Server. Use when creating or modifying UI code (HTML, JSX, TSX, Vue, Svelte, CSS) to ensure accessibility compliance. Triggers on tasks involving web pages, components, forms, navigation, modals, tables, images, or any user-facing markup. Also use when explicitly asked to check accessibility or run an axe scan.
⭐ 0· 1k·1 current·1 all-time
by@dylanb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's name/description align with the included code and SKILL.md: it calls an axe MCP server to analyze and remediate accessibility issues. However the registry metadata claims no required env vars or binaries while both the README and the script require AXE_API_KEY and Docker (the script spawns `docker run`). This metadata mismatch is an inconsistency.
Instruction Scope
SKILL.md and the wrapper script limit runtime actions to launching a Docker container for the MCP server and sending JSON-RPC commands (analyze/remediate/tools-list). The instructions do not ask to read unrelated files or exfiltrate local data. Note: the skill will pass AXE_API_KEY into the container and honors an optional AXE_SERVER_URL env var (which could point the workload to a custom server).
Install Mechanism
There is no install spec (instruction-only), which is low risk. Runtime behavior will pull/run the Docker image dequesystems/axe-mcp-server:latest. That image is the expected vendor image, but pulling an image at runtime (and using the unpinned :latest tag) has provenance risks — you should trust or pin the image digest before use.
Credentials
The code and SKILL.md require AXE_API_KEY (and optionally AXE_SERVER_URL) but the registry metadata lists no required env vars. The script injects AXE_API_KEY into a third-party container environment, which is normal for API access but means your secret is handed to that image; ensure the image is trusted and the key is least-privilege. Additionally, the script expects the docker binary to exist but metadata doesn't declare required binaries.
Persistence & Privilege
The skill does not request persistent/always-on presence and does not alter other skill or system configs. It runs on-demand and uses Docker with --rm, so it does not leave persistent processes per the code shown.
What to consider before installing
Things to consider before installing or running this skill:
- Metadata inconsistencies: the registry record claims no required env vars or binaries, but the SKILL.md and scripts require AXE_API_KEY and Docker. Treat the metadata as inaccurate until corrected.
- Secret handling: the script passes AXE_API_KEY into a Docker container (dequesystems/axe-mcp-server). That exposes the key to whatever code is in that image. Only proceed if you trust the image owner, or prefer to run a vetted/pinned image digest under your control.
- Image provenance: the skill uses the :latest tag. Prefer pulling a specific, signed/digested image (or host it in your private registry) to avoid unexpected updates or supply-chain changes.
- Optional endpoint: AXE_SERVER_URL can redirect the tool to a custom server — ensure you control or trust that endpoint.
- Minimal code review: the wrapper script is short and readable; it only spawns docker and forwards JSON-RPC. If you plan to use it, review or run it in an isolated environment first.
- Billing/credits: SKILL.md notes remediate uses AI credits — confirm costs and data sent to the service.
If you want to proceed safely: ask the publisher to update metadata to declare AXE_API_KEY and docker as requirements, request they pin the Docker image (digest), or run the MCP server yourself and set AXE_SERVER_URL to point to your controlled instance. If you cannot verify the image or need to protect secrets, do not provide a production AXE_API_KEY to this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk971g9w5fqrsdpn0cx02a25wzd8105ev
License
MIT-0
Free to use, modify, and redistribute. No attribution required.