Frontend Performance Audit Checklist

v1.1.0

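Provides a web page performance diagnosis workflow and optimization recommendations, covering Core Web Vitals, resource loading, code splitting, image lazy loading, and caching strategies.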

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (frontend performance audit) matches the SKILL.md: Lighthouse, DevTools workflows, vite/nginx snippets, and PerformanceObserver usage are appropriate and expected for this purpose. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Instructions are scoped to performance diagnosis and remediation steps (Lighthouse, Coverage, Network, config/code examples). They do not instruct reading system files, secrets, or sending data to unexpected external endpoints. The only network action suggested is running npx lighthouse or loading resources from CDNs, which is consistent with the topic.
Install Mechanism
No install spec or code files are included (instruction-only). This is low-risk. Note: SKILL.md suggests using npx (which fetches an npm package at runtime) but that is a normal, user-invoked diagnostic action rather than an automatic install by the skill.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to a documentation/checklist skill.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. Agent autonomous invocation is allowed (platform default) but is not combined here with other red flags.
Assessment
This is a readable checklist and code-snippet collection for frontend performance auditing — it appears coherent and safe. Before using: (1) review and test any config/code changes in a staging environment (don’t paste snippets blindly into production); (2) running suggested commands like `npx lighthouse` will download and run an npm package at runtime — only run those on a trusted machine and network; (3) note a small metadata mismatch (pack metadata version differs from registry version) — likely benign but worth noticing; (4) because this skill is instruction-only, it won’t automatically execute code, but if you invoke suggested commands they will run on your system, so exercise usual caution.

Like a lobster shell, security has layers — review code before you run it.
