performance-audit

This skill enables comprehensive performance audits for web applications, identifying optimization opportunities and enhancing user experience.

Security score: 19/100

The performance-audit skill was audited on Feb 28, 2026 and we found 21 security issues across 3 threat categories. Review the findings below before installing.

Security Issues

medium line 470

Template literal with variable interpolation in command context

Source: SKILL.md
height: `${virtualizer.getTotalSize()}px`,

medium line 482

Template literal with variable interpolation in command context

Source: SKILL.md
transform: `translateY(${virtualRow.start}px)`,

medium line 523

Template literal with variable interpolation in command context

Source: SKILL.md
if (!userRes.ok) throw new Error(`Failed to fetch user: ${userRes.status}`);

medium line 526

Template literal with variable interpolation in command context

Source: SKILL.md
const postsRes = await fetch(`/api/posts?userId=${user.id}`);

medium line 527

Template literal with variable interpolation in command context

Source: SKILL.md
if (!postsRes.ok) throw new Error(`Failed to fetch posts: ${postsRes.status}`);

medium line 530

Template literal with variable interpolation in command context

Source: SKILL.md
const commentsRes = await fetch(`/api/comments?userId=${user.id}`);

medium line 531

Template literal with variable interpolation in command context

Source: SKILL.md
if (!commentsRes.ok) throw new Error(`Failed to fetch comments: ${commentsRes.status}`);

medium line 542

Template literal with variable interpolation in command context

Source: SKILL.md
fetch(`/api/user/${userId}`).then(async r => {

medium line 543

Template literal with variable interpolation in command context

Source: SKILL.md
if (!r.ok) throw new Error(`Failed to fetch user: ${r.status}`);

medium line 546

Template literal with variable interpolation in command context

Source: SKILL.md
fetch(`/api/posts?userId=${userId}`).then(async r => {

medium line 547

Template literal with variable interpolation in command context

Source: SKILL.md
if (!r.ok) throw new Error(`Failed to fetch posts: ${r.status}`);

medium line 550

Template literal with variable interpolation in command context

Source: SKILL.md
fetch(`/api/comments?userId=${userId}`).then(async r => {

medium line 551

Template literal with variable interpolation in command context

Source: SKILL.md
if (!r.ok) throw new Error(`Failed to fetch comments: ${r.status}`);

medium line 564

Template literal with variable interpolation in command context

Source: SKILL.md
const response = await fetch(`/api/dashboard?userId=${userId}`);

medium line 566

Template literal with variable interpolation in command context

Source: SKILL.md
throw new Error(`Failed to fetch dashboard: ${response.status}`);

low line 522

Fetch to external URL

Source: SKILL.md
const userRes = await fetch('/api/user');

low line 749

Fetch to external URL

Source: SKILL.md
fetch('/api/data')

low line 762

Fetch to external URL

Source: SKILL.md
fetch('/api/data', { signal: controller.signal })

low line 312

Access to .env file

Source: SKILL.md
glob: ".env*"

low line 326

Access to .env file

Source: SKILL.md
url: process.env.DATABASE_URL,

low line 329

Access to .env file

Source: SKILL.md
log: process.env.NODE_ENV === 'development' ? ['query', 'error', 'warn'] : ['error'],

Scanned on Feb 28, 2026