Skip to main content

sweep

Conducts comprehensive frontend audits using DFS graph crawling to ensure accessibility, performance, and UI integrity across all pages.

Install this skill

or
0/100

Security score

The sweep skill was audited on May 25, 2026 and we found 35 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 200

Template literal with variable interpolation in command context

SourceSKILL.md
200console.log(`[${' '.repeat(depth)}DFS:${depth}] ${normalized}`);
medium line 257

Template literal with variable interpolation in command context

SourceSKILL.md
257jsErrors.push(`${error.name}: ${error.message}`);
medium line 363

Template literal with variable interpolation in command context

SourceSKILL.md
363if (!route.startsWith('/_')) seen.add(`${base}${route}`);
medium line 400

Template literal with variable interpolation in command context

SourceSKILL.md
400selector: testId ? `[data-testid="${testId}"]` : `${tag}:has-text("${text.slice(0, 30)}")`,
medium line 457

Template literal with variable interpolation in command context

SourceSKILL.md
457const path = `test-results/sweep/screenshots/${route}_${bp.name}.png`;
medium line 494

Template literal with variable interpolation in command context

SourceSKILL.md
494issues.push(`OVERFLOW: ${id} extends ${Math.round(rect.right - docWidth)}px beyond viewport`);
medium line 516

Template literal with variable interpolation in command context

SourceSKILL.md
516issues.push(`SMALL TARGET: "${text}" is ${Math.round(rect.width)}x${Math.round(rect.height)}px (min 44x44)`);
medium line 564

Template literal with variable interpolation in command context

SourceSKILL.md
564const path = `test-results/sweep/screenshots/${route}_loading.png`;
medium line 601

Template literal with variable interpolation in command context

SourceSKILL.md
601const path = `test-results/sweep/screenshots/${route}_empty.png`;
medium line 632

Template literal with variable interpolation in command context

SourceSKILL.md
632const path = `test-results/sweep/screenshots/${route}_error.png`;
medium line 722

Template literal with variable interpolation in command context

SourceSKILL.md
722const path = `test-results/sweep/screenshots/${route}_dark.png`;
medium line 738

Template literal with variable interpolation in command context

SourceSKILL.md
738problems.push(`WHITE BG in dark mode: ${id}`);
medium line 749

Template literal with variable interpolation in command context

SourceSKILL.md
749problems.push(`WHITE INPUT in dark mode: ${el.getAttribute('name') || el.type}`);
medium line 798

Template literal with variable interpolation in command context

SourceSKILL.md
798const label = info.testId || info.text || `${info.tag}[${i}]`;
medium line 816

Template literal with variable interpolation in command context

SourceSKILL.md
816issues.push(`No hover effect on clickable element: ${label}`);
medium line 833

Template literal with variable interpolation in command context

SourceSKILL.md
833issues.push(`No visible focus indicator: ${label}`);
medium line 854

Template literal with variable interpolation in command context

SourceSKILL.md
854issues.push(`FOCUS TRAP BROKEN: focus escapes ${label} modal`);
medium line 1057

Template literal with variable interpolation in command context

SourceSKILL.md
1057issues.push(`LCP ${Math.round(metrics.lcp)}ms > ${PERF_THRESHOLDS.LCP}ms threshold`);
medium line 1060

Template literal with variable interpolation in command context

SourceSKILL.md
1060issues.push(`FCP ${Math.round(metrics.fcp)}ms > ${PERF_THRESHOLDS.FCP}ms threshold`);
medium line 1063

Template literal with variable interpolation in command context

SourceSKILL.md
1063issues.push(`CLS ${metrics.cls.toFixed(3)} > ${PERF_THRESHOLDS.CLS} threshold`);
medium line 1066

Template literal with variable interpolation in command context

SourceSKILL.md
1066issues.push(`Total transfer ${(metrics.totalTransferSize / 1024 / 1024).toFixed(1)}MB > 3MB`);
medium line 1069

Template literal with variable interpolation in command context

SourceSKILL.md
1069issues.push(`Large resource: ${metrics.largestResource.url.split('/').pop()} = ${(metrics.largestResource.size / 1024).toFixed(0)}KB`);
medium line 1080

Template literal with variable interpolation in command context

SourceSKILL.md
1080issues.push(`Images without explicit dimensions: ${unsizedImages.join(', ')}`);
low line 1381

Access to hidden dotfiles in home directory

SourceSKILL.md
1381npx tsx ~/.claude/skills/sweep/scripts/crawler.ts --base http://localhost:3000
low line 1384

Access to hidden dotfiles in home directory

SourceSKILL.md
1384npx tsx ~/.claude/skills/sweep/scripts/crawler.ts \
low line 73

External URL reference

SourceSKILL.md
73- Next.js App Router → `http://localhost:3000/`
low line 74

External URL reference

SourceSKILL.md
74- Pages Router → `http://localhost:3000/`
low line 75

External URL reference

SourceSKILL.md
75- SPA → `http://localhost:5173/` (Vite default)
low line 81

External URL reference

SourceSKILL.md
81npx wait-on http://localhost:3000 --timeout 30000
low line 166

External URL reference

SourceSKILL.md
166const BASE_URL = 'http://localhost:3000';
low line 916

External URL reference

SourceSKILL.md
916url: 'https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.9.1/axe.min.js',
low line 1381

External URL reference

SourceSKILL.md
1381npx tsx ~/.claude/skills/sweep/scripts/crawler.ts --base http://localhost:3000
low line 1385

External URL reference

SourceSKILL.md
1385--base http://localhost:3000 \
low line 1399

External URL reference

SourceSKILL.md
1399npx wait-on http://localhost:3000 --timeout 30000
low line 1400

External URL reference

SourceSKILL.md
1400npx tsx .claude/skills/sweep/scripts/crawler.ts --base http://localhost:3000 --ci --max-pages 50
Scanned on May 25, 2026
View Security Dashboard
Installation guide →
Rate this skill
Categorydevelopment
UpdatedMay 31, 2026
frontendtestingfrontend-developerqa-engineerproduct-managergrowth-pmux-designerplaywrightdevelopmentproductdesign
momomuchu/sweep