Web Vitals
Website audit across 7 categories scored 0–100 (Web Vitals, security, SEO, accessibility, best practices, mobile, privacy) — one concrete fix per finding.
SKILL.md in the open agentskills.io standard — works directly in Claude, ChatGPT/Codex, Cursor, Copilot & more.
Web Vitals is an AI web-performance audit skill that audits a website like the established pro tools — across seven categories each scored 0–100: performance (Core Web Vitals LCP/INP/CLS + lab metrics), accessibility (WCAG 2.2), best practices, SEO, security (TLS + security headers in the style of Mozilla Observatory/SSL Labs), mobile/responsive and privacy/GDPR. Delivers severity-ranked findings with concrete fixes per category, an overall overview and a leverage-sorted action list — and honestly distinguishes measured from estimated values.
What this skill does
- Scores 7 categories each 0–100 (performance, accessibility, best practices, SEO, security, mobile, privacy)
- Fetches measurement data itself where the environment allows: PageSpeed Insights API (lab + CrUX field in one GET), curl headers for security, HTML fetch, optionally Lighthouse CLI/SSL Labs — asks the user only as a fallback
- Automatically obtains approval for the required measurement/read commands (incl. optional installation like npx lighthouse) and, once granted, runs autonomously through to the finished report — authorized site only, nothing destructive
- Cleanly separates field data (CrUX: LCP/INP/CLS/FCP/TTFB, p75) from lab (Lighthouse) — CWV-pass counts field
- Transparent performance score: log-normal curve per metric, weights TBT 30/LCP 25/CLS 25/FCP 10/SI 10 (v10+, TTI dropped)
- Delivers Opportunities (estimated savings) and Diagnostics (LCP element, CLS sources, main thread, DOM, TTFB)
- Mobile-first by default (mobile-first indexing, the harder condition) — desktop additionally on request
- Checks security like Mozilla Observatory/SSL Labs (TLS, CSP, HSTS, cookie flags, SRI, mixed content)
- Checks WCAG 2.2 accessibility (note: automation catches only part), technical SEO and best practices (incl. CSP-against-XSS, deprecated APIs)
- Mobile/responsive and GDPR/privacy (consent, trackers, SPF/DKIM/DMARC) — DACH-ready
- Findings by severity with concrete fixes; distinguishes measured vs. estimated — invents no numbers
- Best-effort live check with web/tool access; overall score table + leverage-prioritized actions
- Gives a compact one-sentence fix per finding (concrete lever); with web/tool access it looks up the current solution live (web.dev/official docs) for special problems
- Rates each fix with a recommendation strength (mandatory/recommended/situational/optional) and says whether it makes sense in this context; for risky changes (e.g. CSP/HSTS) a note on effort/risk + test in staging — promises nothing that can break
Description
Web Vitals is a skill for website audits — it scores a site across seven categories from 0–100 (performance/Core Web Vitals, security, SEO, accessibility, best practices, mobile, privacy) and gives a concrete fix for each finding. A comprehensive website audit that bundles the checking logic of the established sources and translates it into clear categories scored 0–100 each. Performance is based on the Core Web Vitals (LCP good ≤ 2.5 s, INP ≤ 200 ms, CLS ≤ 0.1) plus lab metrics (FCP, Speed Index, TBT, TTI, TTFB), weighted like Lighthouse 10+ (TBT 30%, LCP 25%, CLS 25%, FCP 10%, SI 10%; TTI dropped, each metric mapped to 0–100 via a log-normal curve). Accessibility checks WCAG 2.2 criteria (contrast, alt text, labels, keyboard/focus, ARIA, headings, language, target sizes). Best Practices covers HTTPS, console errors, image sizes, outdated/vulnerable libraries and mixed content. SEO covers title/meta, headings, crawlability (robots.txt, sitemap, indexability), canonical, structured data, mobile-friendliness and hreflang. Security assesses TLS/certificate (SSL-Labs style) and security headers (CSP, HSTS, X-Content-Type-Options, Referrer/Permissions-Policy, COOP/COEP/CORP, X-Frame-Options), cookie flags (Secure/HttpOnly/SameSite), mixed content and Subresource Integrity in the style of Mozilla Observatory/securityheaders.com. Mobile & Responsive checks viewport, layout, tap targets and font sizes; Privacy/GDPR (DACH bonus) checks cookie consent before tracking, third-party trackers, privacy policy/imprint and email auth (SPF/DKIM/DMARC). Honesty principle: measured values only from real sources (Lighthouse/PageSpeed/WebPageTest/header scan or best-effort live check with web/tool access), otherwise a static/heuristic analysis from supplied HTML/headers — never invented numbers; field (CrUX, p75) vs. lab data are distinguished. Output: score table, findings per category with severity and fix, prioritized actions (impact × effort) and a stated data basis/limits. Authorized sites only, no penetration test. Synergy: real measurement via Lighthouse/SSL Labs, A/B evaluation via the A/B Test Auditor, code fixes via Code Reviewer Pro.
Examples
What it does not do
- Invents no metric values; without real data clearly flagged as estimate/heuristic
- Scans no foreign/unauthorized sites; no penetration tests or exploits
- Replaces no real measurement (Lighthouse/PageSpeed/WebPageTest/SSL Labs)
- Replaces no legal review (GDPR/imprint are hints)
- Promises no risk-free patches: breaking changes (CSP, HSTS, SameSite) come with a warning and a test recommendation instead of a blanket MUST
Compatibility & tech
- Tested (internal)
- 4 scenarios
- Recommended runtime
- Strongest available model; most effective with web/tool access for live fetching of the page and headers.
- Modes
- Full audit · Single category · Interpret data · Prioritized fix list · Re-audit/comparison
- Inputs
- URL · Lighthouse JSON / PageSpeed result (field + lab) · HTML source · HTTP header dump · WebPageTest result · optional: focus category, device (default mobile)
- Output format
- Score table (7 categories à 0–100 + traffic light) with Core Web Vitals values, findings per category (severity + concrete fix + recommendation strength + effort/risk where relevant), prioritized actions (impact × effort), stated data basis & limits
- Subcategory
- Performance & audit
- License
- Proprietär
Security profile
Runs entirely on your machine with your own AI — no external runtime, no running costs.
Contains executable code or runs actions/tools — take a quick look before using.
Accesses external sources / the network in normal use (e.g. live pages, search/data APIs).
What you get
- web-vitals-1.9.1/7 files
- .claude-plugin/marketplace.json
plugins/web-vitals/skills/web-vitals/7 files
- SKILL.md
- manifest.json
assets/1 file
- web-vitals-card-sample.svg
references/3 files
- thresholds.md
- web-vitals-backlog-and-card.md
- web-vitals-checklist.md
scripts/1 file
- render-web-vitals-card.mjs
- .agents/skills/web-vitals/→ universal — same content (Codex, Cursor, Copilot, Gemini, Windsurf, Cline)
- LICENSE.txt
Installation
Also works as a chat prompt
No AI tool? Paste it into Claude, ChatGPT or Gemini and use the method right away.
You get the full method. Only 1 helper script(s) that automate parts of it run once installed.
Works best when your chat has web access.
Installing is the full version — it triggers automatically, runs its scripts and loads references as needed. As a chat prompt you drive the method by hand.
Unlock to copy the ready-to-paste prompt — then in “My Skills”.
Reviews
No reviews yet – be the first.
Note
The skill measures on its own: it names the required commands (PageSpeed API/curl/optionally Lighthouse), obtains your approval ONCE and then runs automatically through to the report. On hosts with shell/network (Claude Code etc.) this happens directly; in plain chat a single prompt with copy-paste commands is enough. Authorized sites only.
Changelog
- v1.9.101.07.2026Fairer score-card colors: per-category color bands by realistic achievability (Performance & Privacy/GDPR are harder to max out) with a smooth red→amber→green blend instead of hard 90/50 steps — weak scores still stay red; optional per-run `bands` override. Also: thresholds/rules are now flagged as a dated snapshot — verify current Core Web Vitals values at the official source (web.dev/Chrome/PageSpeed) and cite the retrieval date.
- v1.9.026.06.2026Operational upgrade (projected from the sister skill Web AI Vitals): full audits now end with a mandatory to-do backlog — each task with priority (P0–P3), acceptance criterion, verification (e.g. re-run Lighthouse, a curl header check, a contrast checker), effort & risk — instead of just a loose action list. Plus a shareable SVG result graphic (a score card with date, device/data basis, the 7 categories, an optional Core Web Vitals line and the top-3 — honest: weak scores stay red) via a bundled render script.
- v1.8.022.06.2026Platform-native output: now actively uses your platform's native formatting — tables, checklists, code blocks and clickable/button options, with a numbered fallback on non-interactive platforms. Plus internal metadata that prepares the upcoming agent builder.
- v1.7.018.06.2026Reworked to the AUTHORING v2 standard: realistic input/answer examples (incl. a calibration case), copy checklist(s) and internal evals; cross-references added.
- v1.6.018.06.2026Added references/thresholds.md: deeper detail reference via progressive disclosure; SKILL.md stays lean.
- v1.5.010.06.2026Auto-run with approval: the skill proactively names the required measurement/read commands (curl headers, PageSpeed API, optionally npx lighthouse incl. installation), obtains the user's approval ONCE (allow all or step by step; authorized site only, nothing destructive) and then runs autonomously through to the finished report. Only falls back to a single copy-paste prompt on non-executing hosts.
- v1.4.010.06.2026Auto data collection with a capability ladder: the skill fetches measurement data itself where the environment allows — PageSpeed Insights API (one GET returns lab + CrUX field), curl -sIL for response headers/security, HTML fetch, optionally the SSL Labs API and Lighthouse CLI; only as a fallback does it ask the user for outputs (with exact commands). Measured-vs-estimated stays flagged.
- v1.3.010.06.2026id shortened to 'web-vitals'. Context- & risk-aware recommendations: per fix a recommendation strength (mandatory/recommended/situational/optional) + a note whether it makes sense in context; breaking changes (CSP blocks third parties → test Report-Only; HSTS locks out on HTTPS problems → small max-age; SameSite=Strict breaks cross-site → Lax) with effort/risk and a staging recommendation; promises nothing that can break.
- v1.2.010.06.2026Display name shortened to 'Web Vitals'; fix cheat-sheet added — every finding ends with a concrete one-sentence lever (LCP/INP/CLS/TBT/TTFB, a11y, security headers, SEO, mobile, privacy); with web/tool access an optional live solution lookup for special cases.
- v1.1.010.06.2026Expanded further (aligned with PageSpeed Insights & the Lighthouse score calculator): field (CrUX: LCP/INP/CLS/FCP/TTFB, p75) vs. lab data separated; performance score corrected to Lighthouse 10+ (TBT 30/LCP 25/CLS 25/FCP 10/SI 10, TTI dropped, log-normal curves, median); Opportunities & Diagnostics (LCP element, CLS sources, main thread, DOM, TTFB, INP levers); mobile-first as a principle incl. rationale (mobile-first indexing) even for desktop; best practices expanded (CSP-against-XSS, deprecated APIs, image aspect ratio), a11y note automated vs. manual.
- v1.0.010.06.2026Comprehensive website-audit skill with 7 categories à 0–100 (performance/Core Web Vitals, accessibility WCAG 2.2, best practices, SEO, security in Observatory/SSL-Labs style, mobile/responsive, privacy/GDPR). Lighthouse weighting, field vs. lab data, measured-vs-estimated honesty, best-effort live check with web access, prioritized actions; authorized sites only, no pentest.
Frequently asked questions
What does Web Vitals do?
Web Vitals is an AI web-performance audit skill that audits a website like the established pro tools — across seven categories each scored 0–100: performance (Core Web Vitals LCP/INP/CLS + lab metrics), accessibility (WCAG 2.2), best practices, SEO, security (TLS + security headers in the style of Mozilla Observatory/SSL Labs), mobile/responsive and privacy/GDPR. Delivers severity-ranked findings with concrete fixes per category, an overall overview and a leverage-sorted action list — and honestly distinguishes measured from estimated values.
What are Core Web Vitals?
Core Web Vitals are the key metrics LCP, INP, and CLS for load time, responsiveness, and visual stability. Web Vitals checks them alongside lab metrics in its performance score and names a concrete fix for each finding.
How do I test my website's performance?
Web Vitals audits your site like common pro tools across seven categories, each with a 0–100 score, and honestly distinguishes measured values from estimated ones.
How do I improve my website score?
Web Vitals delivers severity-ranked findings with concrete fixes per category plus a priority list sorted by impact, so you tackle what helps most first.
Which areas does a website audit cover?
Web Vitals checks seven areas: performance (Core Web Vitals), accessibility (WCAG 2.2), best practices, SEO, security (TLS and security headers), mobile/responsive, and privacy/GDPR.
Which AI tools does Web Vitals work with?
Claude Code / Codex / Cursor & hosts with shell/network: fetches the PageSpeed API, curl headers & Lighthouse automatically · Claude / ChatGPT with web fetch: a PageSpeed API GET is enough for lab + field · Plain chat without tools: analysis from supplied data (Lighthouse JSON/HTML/headers) + exact commands as a guide · Any LLM
How do I use Web Vitals?
Web Vitals is a SKILL.md in the open agentskills.io standard: install it with one command (npx) or download it and add it to your AI tool — Claude (Projects), ChatGPT (Custom GPT), Cursor, Copilot, Gemini CLI and more. No code needed.