accesslint
v1.0.2Web accessibility & WCAG compliance scanner — detects WCAG 2.1 violations, missing ARIA attributes, color contrast issues, keyboard navigation problems, and...
⭐ 0· 46·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (WCAG/static template scanning) align with what the skill installs and runs: it contains pattern definitions, an analyzer, and a CLI entrypoint. The declared primary credential (ACCESSLINT_LICENSE_KEY) matches the license checks in license.sh. The brew install lefthook makes sense for the pre-commit hook feature.
Instruction Scope
SKILL.md and the scripts instruct the agent to run local shell scripts that scan files, generate reports, and optionally install git hooks. The runtime code reads ~/.openclaw/openclaw.json (to obtain an apiKey) and may read ACCESSLINT_LICENSE_KEY and optional ACCESSLINT_SKILL_DIR; otherwise it performs local filesystem scanning (find/grep) and pattern matching. There are no instructions to send data to external endpoints or to read unrelated system secrets.
Install Mechanism
Install spec only requests the lefthook Homebrew formula (a common git-hooks manager). The skill's code is included in the package (scripts/*.sh, patterns.sh), so nothing is being fetched from arbitrary URLs at install-time. This is a low-risk, expected install mechanism for the described feature.
Credentials
The only required credential is ACCESSLINT_LICENSE_KEY (primaryEnv), which is appropriate for tiered features. The code also optionally reads ~/.openclaw/openclaw.json (declared in SKILL.md) and will consult environment variables like ACCESSLINT_SKILL_DIR and CLAWHUB_JWT_SECRET if present — these are reasonable for configuration/license verification but are not listed as required env vars in the registry metadata. No unrelated cloud credentials or broad secrets are requested.
Persistence & Privilege
The skill does not request always:true. Hooks install will modify the repository's lefthook.yml and run lefthook install (expected for a pre-commit integration). Note: installed pre-commit hooks execute on each commit and will source the skill's scripts from ACCESSLINT_SKILL_DIR (default ~/.openclaw/skills/accesslint), so ensure that path is trusted and not writable by untrusted users.
Assessment
This skill appears to be what it claims: a local, regex-based accessibility scanner with optional paid features gated by a license key. Before installing: 1) Confirm you trust the skill source and that the installation path (default ~/.openclaw/skills/accesslint or ACCESSLINT_SKILL_DIR) is secure — git hooks will source scripts from that location on every commit. 2) Expect the tool to read ~/.openclaw/openclaw.json or ACCESSLINT_LICENSE_KEY for license info; if you keep sensitive keys in that config, be aware the skill will read them (only to validate license). 3) The installer asks you to brew install lefthook and requires standard CLI tools (git, bash, grep, find, python3/jq optional). 4) There is no evidence of network exfiltration or calls to external services in the provided scripts. If you need higher assurance, review the shipped scripts (patterns.sh, analyzer.sh, license.sh) yourself and verify that ACCESSLINT_SKILL_DIR is not writable by other users on your system.Like a lobster shell, security has layers — review code before you run it.
latestvk97e6ekhxk2nkh5evk6ttp4yzn84vp1m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
♿ Clawdis
OSmacOS · Linux · Windows
Binsgit, bash, python3, jq
Primary envACCESSLINT_LICENSE_KEY
Install
Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook