Web Fixing
v1.2.0修复网页和前端界面问题。当用户要求修复网页、调试前端、解决UI问题、修复样式、响应式布局错误、移动端显示异常、CSS问题、JavaScript报错、交互功能失效、生成网页后检查并修复时使用此技能。
⭐ 0· 18·1 current·1 all-time
bysniper-one@aqbjqtd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description describe front-end debugging and repair. The skill is instruction-only and does not request unrelated binaries, environment variables, or credentials. The tools and steps (DevTools, Lighthouse, Playwright as optional) are consistent with web-fixing.
Instruction Scope
SKILL.md provides detailed step-by-step debugging, testing and fix workflows. It references platform tools (browser snapshot/screenshot, web_fetch, read/edit/write) and optional local installs (npx playwright, npm packages). These are reasonable for the task but do imply the agent will use web-fetch and file read/write capabilities if the platform grants them — which can expose page content or workspace files. The instructions do not direct the agent to read unrelated system secrets or infrastructure configs.
Install Mechanism
No install spec and no code files (instruction-only), which is low risk. The SKILL.md mentions optional commands like `npx playwright install --with-deps` and `npm i -D web-vitals`; these are user-optional and would download packages if executed, but they are proportional to end-to-end testing and performance monitoring needs.
Credentials
The skill requires no environment variables, credentials, or config paths. Suggested tools and checks (DevTools, Lighthouse, Playwright) are relevant to front-end debugging and do not demand unrelated secrets. No evidence of attempts to access other skills' credentials or system-wide configs.
Persistence & Privilege
Skill flags: always:false and normal model-invocation allowed. It does not request permanent presence or to modify other skills or agent-wide settings. No install step writes persistent components as part of the skill bundle (instruction-only).
Assessment
This skill appears coherent and focused on front-end debugging. Before enabling it: 1) Confirm which platform tools (web_fetch, read/edit/write, browser snapshot) the agent will be permitted to use — these let the agent fetch pages and read/write workspace files, so restrict them if you don't want that. 2) If you or the agent run the optional npm/npx commands, do so in a sandbox or project workspace because they will download packages and write files. 3) Avoid giving the agent access to private/internal sites unless you trust it to handle sensitive data; test on non-production pages first. 4) Review any changes the agent proposes before applying to production. Overall risk is low because the skill is instruction-only and requests no secrets, but be mindful of tool permissions and npm installs the instructions recommend.Like a lobster shell, security has layers — review code before you run it.
latestvk975vvy194q2r9v1fspq74s1bh84c90b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.