WebRecon
Overview
This skill provides the methodology for conducting comprehensive website audits using 6 parallel Chrome instances. Each instance is controlled by a specialized agent that focuses on a specific aspect of the audit.
When to Use
- •Competitive analysis of websites
- •Design replication prep (extracting design tokens, components, assets)
- •API/programmatic access discovery
- •Tech stack reconnaissance
- •Mobile responsiveness analysis
- •SEO and security assessment
Prerequisites
Before running /webrecon:
- •Launch Chrome instances: Run
~/.config/opencode/launch-chrome-instances.sh - •Verify Chrome is ready: Script will confirm all 6 ports responding
- •Optional: Set
FIRECRAWL_API_KEYin environment for better page enumeration
Command Usage
# Quick recon (10 pages) /webrecon quick example.com # Deep recon (25 pages) /webrecon deep example.com # Design-focused (15 pages, skips SEO/security) /webrecon design example.com # With options /webrecon deep example.com --exclude=api /webrecon deep example.com --max-pages=50 /webrecon deep example.com --design-deep # Full component/asset extraction /webrecon --resume # Resume interrupted run
Execution Flow
Phase 0: Setup
- •Create output directory:
~/webrecon-output/<domain>/<timestamp>/ - •Initialize state file for resumability
- •Verify Chrome instances are running
- •Load filter config from
~/.config/opencode/webrecon-filters.yaml - •Check for previous run (for diff computation)
Phase 1: Page Enumeration
Fallback chain:
- •Try
sitemap.xml(free, instant) - •Try Firecrawl API if
FIRECRAWL_API_KEYset - •Fallback: Jina Reader (
https://r.jina.ai/<url>) + browser link crawl
Filtering:
- •Exclude:
/blog/*,/docs/*,/legal/*,/changelog/*,/tag/*, pagination - •Keep everything else, cap by mode: quick=10, deep=25, design=15
Phase 2: Parallel Analysis
Dispatch 6 agents simultaneously:
| Chrome | Agent | Focus |
|---|---|---|
| chrome-1 | audit-recon | Tech stack, third-party scripts, pixels, GTM |
| chrome-2 | audit-design | CSS tokens, typography, colors, components |
| chrome-3 | audit-api | Endpoints, auth flow, WebSocket, rate limits |
| chrome-4 | audit-mobile | Viewports, touch targets, responsive layouts |
| chrome-5 | audit-seo | Meta tags, OpenGraph, Schema.org, headings |
| chrome-6 | audit-security | HTTP headers, cookies, CSP, exposed source maps |
Each agent:
- •Processes assigned URLs one at a time
- •Writes results to disk immediately (context hygiene)
- •Updates
.state/progress.json - •Returns summary only
Phase 2.5: Design Deep (if --design-deep)
Sequential extended extraction on chrome-2:
- •Component inventory with HTML/CSS snippets
- •Asset harvesting (icons, fonts, logos)
- •Motion capture (animations, transitions)
- •Multi-format export (Style Dictionary, Figma Tokens, Tailwind config)
Phase 3: PWA Check
Quick check for Progressive Web App capabilities:
- •Fetch
/manifest.json - •Detect service worker
- •Test offline capability
Phase 4: Authenticated Audit (Optional)
If user wants to audit logged-in state:
- •Open chrome-1 to login page
- •Prompt: "Log in manually, then type 'done'"
- •Capture session cookies
- •Inject into other Chrome instances
- •Re-run audit-recon and audit-api in auth mode
Phase 5: Diff Computation
If previous run exists:
- •Load previous
structured/*.jsonfiles - •Compare: tech-stack, api-map, design-tokens
- •Generate:
changelog/diffs/<timestamp>.json - •Append to:
changelog/history.jsonl
Phase 6: Compile Output
Generate final deliverables:
- •
_manifest.json- Run metadata + change summary - •
report.md- Human-readable executive summary - •
structured/- All JSON exports - •
screenshots/- Key page screenshots - •
network/- HAR archive + endpoints - •
assets/- If --design-deep (components, icons, fonts) - •
exports/- If --design-deep (Style Dictionary, Figma, Tailwind)
Output Structure
~/webrecon-output/
└── example.com/
├── changelog/
│ ├── history.jsonl # Append-only event log
│ └── diffs/
│ └── 2024-12-25_143022.json
│
├── 2024-12-25_143022/ # This run
│ ├── _manifest.json
│ ├── report.md
│ ├── structured/
│ │ ├── tech-stack.json
│ │ ├── design-tokens.json
│ │ ├── api-map.json
│ │ ├── seo-data.json
│ │ ├── security-report.json
│ │ └── ...
│ ├── screenshots/
│ ├── network/
│ ├── assets/ # If --design-deep
│ └── exports/ # If --design-deep
│
└── latest -> 2024-12-25_143022 # Symlink
Context Management
Problem: Long-running agents can bloat context with network data, screenshots, DOM trees.
Solution: Chunked processing + structured handoffs
- •Orchestrator holds URL list only, not page content
- •Sub-agents process ONE page at a time
- •Write findings to disk IMMEDIATELY
- •Clear page-specific context before next page
- •Return summary only (not full data)
Resumability: If interrupted, /webrecon --resume reads .state/progress.json and continues from last completed page.
Chrome DevTools MCP Reference
Key tools available:
Navigation:
- •
navigate_page- Go to URL - •
new_page/close_page- Tab management - •
list_pages/select_page- Multi-tab handling
Inspection:
- •
take_screenshot- Capture page - •
take_snapshot- Get DOM/accessibility tree - •
evaluate_script- Run JavaScript
Network:
- •
list_network_requests- Get all requests - •
get_network_request- Get request/response details
Performance:
- •
performance_start_trace/performance_stop_trace- Record traces - •
performance_analyze_insight- Get performance insights
Best Practices
- •Run Chrome launcher first: Always start Chrome instances before auditing
- •Use appropriate mode:
quickfor rapid checks,deepfor thorough analysis - •Design-deep for replication: Use
--design-deepwhen you need to recreate the design - •Check diffs: Use
/webaudit diffto track changes over time - •Review filtered pages: Customize include/exclude if defaults miss important pages