---
name: webrecon
description: WebRecon - reconnaissance tool using parallel Chrome instances for competitive analysis, design extraction, and API discovery
---
# WebRecon

## Overview

This skill provides the methodology for conducting comprehensive website audits using 6 parallel Chrome instances. Each instance is controlled by a specialized agent that focuses on a specific aspect of the audit.
## When to Use
- Competitive analysis of websites
- Design replication prep (extracting design tokens, components, assets)
- API/programmatic access discovery
- Tech stack reconnaissance
- Mobile responsiveness analysis
- SEO and security assessment
## Prerequisites

Before running /webrecon:

- Launch Chrome instances: run `~/.config/opencode/launch-chrome-instances.sh`
- Verify Chrome is ready: the script will confirm all 6 ports are responding
- Optional: set `FIRECRAWL_API_KEY` in the environment for better page enumeration
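Once the launcher script has run, readiness can also be verified programmatically. A minimal sketch in Python, assuming the six instances expose their DevTools endpoints on consecutive ports starting at 9222 (the actual ports are defined by `launch-chrome-instances.sh`, so treat this range as illustrative):

```python
import urllib.request

# Hypothetical port range; the real values come from launch-chrome-instances.sh.
CHROME_PORTS = range(9222, 9228)  # 6 instances

def check_instances(ports=CHROME_PORTS, timeout=2):
    """Return a dict mapping each debug port to True if Chrome responds."""
    status = {}
    for port in ports:
        url = f"http://127.0.0.1:{port}/json/version"
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                status[port] = resp.status == 200
        except OSError:  # connection refused, timeout, etc.
            status[port] = False
    return status
```

An audit run would abort early if any port reports `False` here.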
## Command Usage

```bash
# Quick recon (10 pages)
/webrecon quick example.com

# Deep recon (25 pages)
/webrecon deep example.com

# Design-focused (15 pages, skips SEO/security)
/webrecon design example.com

# With options
/webrecon deep example.com --exclude=api
/webrecon deep example.com --max-pages=50
/webrecon deep example.com --design-deep  # Full component/asset extraction
/webrecon --resume                        # Resume interrupted run
```
## Execution Flow

### Phase 0: Setup

- Create output directory: `~/webrecon-output/<domain>/<timestamp>/`
- Initialize state file for resumability
- Verify Chrome instances are running
- Load filter config from `~/.config/opencode/webrecon-filters.yaml`
- Check for previous run (for diff computation)
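The setup steps above can be sketched as follows. `init_run` and the exact `progress.json` fields are illustrative, not the tool's actual schema:

```python
import json
import time
from pathlib import Path

def init_run(domain, base=Path.home() / "webrecon-output"):
    """Create the timestamped run directory and an empty progress state file."""
    stamp = time.strftime("%Y-%m-%d_%H%M%S")
    run_dir = base / domain / stamp
    (run_dir / ".state").mkdir(parents=True, exist_ok=True)
    # Minimal assumed state shape: completed URLs accumulate here as agents work.
    progress = run_dir / ".state" / "progress.json"
    progress.write_text(json.dumps({"domain": domain, "completed": []}))
    return run_dir
```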
### Phase 1: Page Enumeration

Fallback chain:

- Try `sitemap.xml` (free, instant)
- Try Firecrawl API if `FIRECRAWL_API_KEY` is set
- Fallback: Jina Reader (`https://r.jina.ai/<url>`) + browser link crawl

Filtering:

- Exclude: `/blog/*`, `/docs/*`, `/legal/*`, `/changelog/*`, `/tag/*`, pagination
- Keep everything else, cap by mode: quick=10, deep=25, design=15
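The filtering rules above can be sketched like this; the pagination pattern is a heuristic assumption, as the real patterns live in `webrecon-filters.yaml`:

```python
import re

# Exclusion patterns from the defaults above; "[?&]page=" is an assumed
# pagination heuristic, not the tool's actual rule.
EXCLUDE = [r"/blog/", r"/docs/", r"/legal/", r"/changelog/", r"/tag/", r"[?&]page="]
CAPS = {"quick": 10, "deep": 25, "design": 15}

def filter_urls(urls, mode="deep"):
    """Drop excluded paths, preserve discovery order, cap by mode."""
    kept = [u for u in urls if not any(re.search(p, u) for p in EXCLUDE)]
    return kept[: CAPS[mode]]
```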
### Phase 2: Parallel Analysis
Dispatch 6 agents simultaneously:
| Chrome | Agent | Focus |
|---|---|---|
| chrome-1 | audit-recon | Tech stack, third-party scripts, pixels, GTM |
| chrome-2 | audit-design | CSS tokens, typography, colors, components |
| chrome-3 | audit-api | Endpoints, auth flow, WebSocket, rate limits |
| chrome-4 | audit-mobile | Viewports, touch targets, responsive layouts |
| chrome-5 | audit-seo | Meta tags, OpenGraph, Schema.org, headings |
| chrome-6 | audit-security | HTTP headers, cookies, CSP, exposed source maps |
Each agent:

- Processes assigned URLs one at a time
- Writes results to disk immediately (context hygiene)
- Updates `.state/progress.json`
- Returns a summary only
### Phase 2.5: Design Deep (if `--design-deep`)
Sequential extended extraction on chrome-2:
- Component inventory with HTML/CSS snippets
- Asset harvesting (icons, fonts, logos)
- Motion capture (animations, transitions)
- Multi-format export (Style Dictionary, Figma Tokens, Tailwind config)
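The Tailwind leg of the multi-format export can be sketched as a simple mapping; the flat token shape (`colors`, `fonts`, `spacing` keys) is an assumption, not the tool's actual schema:

```python
def to_tailwind(tokens):
    """Map a flat design-token dict into a Tailwind-style theme extension."""
    return {
        "theme": {
            "extend": {
                "colors": tokens.get("colors", {}),
                "fontFamily": tokens.get("fonts", {}),
                "spacing": tokens.get("spacing", {}),
            }
        }
    }
```

Style Dictionary and Figma Tokens exports would be analogous mappings over the same token dict.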
### Phase 3: PWA Check
Quick check for Progressive Web App capabilities:
- Fetch `/manifest.json`
- Detect service worker
- Test offline capability
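Once the manifest body has been fetched, the installability signals can be summarized. A minimal sketch, assuming the standard Web App Manifest members (`name`, `display`, `start_url`, `icons`):

```python
import json

def summarize_manifest(raw):
    """Extract the PWA-relevant fields from a fetched manifest.json body."""
    m = json.loads(raw)
    return {
        "name": m.get("name"),
        "display": m.get("display"),
        # Rough installability heuristic: icons plus a start_url.
        "installable": bool(m.get("icons")) and "start_url" in m,
    }
```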
### Phase 4: Authenticated Audit (Optional)
If user wants to audit logged-in state:
- Open chrome-1 to login page
- Prompt: "Log in manually, then type 'done'"
- Capture session cookies
- Inject into other Chrome instances
- Re-run audit-recon and audit-api in auth mode
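The cookie hand-off step can be sketched as follows. In practice the injection would go through the Chrome instances themselves; this fragment only shows building a replayable `Cookie` header from captured cookies, assuming each cookie is a dict with `name`, `value`, and `domain` keys:

```python
def cookie_header(cookies, domain):
    """Build a Cookie header from captured session cookies so other
    instances can replay the authenticated session for the target domain."""
    pairs = [
        f"{c['name']}={c['value']}"
        for c in cookies
        # Keep cookies whose domain (ignoring a leading dot) matches the target.
        if domain.endswith(c.get("domain", "").lstrip("."))
    ]
    return "; ".join(pairs)
```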
### Phase 5: Diff Computation

If a previous run exists:

- Load previous `structured/*.json` files
- Compare: tech-stack, api-map, design-tokens
- Generate: `changelog/diffs/<timestamp>.json`
- Append to: `changelog/history.jsonl`
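The comparison step can be sketched as a key-by-key diff of two structured snapshots; the added/removed/changed shape is illustrative, not the tool's actual diff schema:

```python
def diff_structured(prev, curr):
    """Compare two structured JSON snapshots and report what changed."""
    added = {k: curr[k] for k in curr.keys() - prev.keys()}
    removed = {k: prev[k] for k in prev.keys() - curr.keys()}
    changed = {
        k: {"from": prev[k], "to": curr[k]}
        for k in prev.keys() & curr.keys()
        if prev[k] != curr[k]
    }
    return {"added": added, "removed": removed, "changed": changed}
```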
### Phase 6: Compile Output

Generate final deliverables:

- `_manifest.json` - Run metadata + change summary
- `report.md` - Human-readable executive summary
- `structured/` - All JSON exports
- `screenshots/` - Key page screenshots
- `network/` - HAR archive + endpoints
- `assets/` - If `--design-deep` (components, icons, fonts)
- `exports/` - If `--design-deep` (Style Dictionary, Figma, Tailwind)
## Output Structure

```
~/webrecon-output/
└── example.com/
    ├── changelog/
    │   ├── history.jsonl              # Append-only event log
    │   └── diffs/
    │       └── 2024-12-25_143022.json
    │
    ├── 2024-12-25_143022/             # This run
    │   ├── _manifest.json
    │   ├── report.md
    │   ├── structured/
    │   │   ├── tech-stack.json
    │   │   ├── design-tokens.json
    │   │   ├── api-map.json
    │   │   ├── seo-data.json
    │   │   ├── security-report.json
    │   │   └── ...
    │   ├── screenshots/
    │   ├── network/
    │   ├── assets/                    # If --design-deep
    │   └── exports/                   # If --design-deep
    │
    └── latest -> 2024-12-25_143022    # Symlink
```
## Context Management

Problem: long-running agents can bloat context with network data, screenshots, and DOM trees.

Solution: chunked processing + structured handoffs:
- Orchestrator holds URL list only, not page content
- Sub-agents process ONE page at a time
- Write findings to disk IMMEDIATELY
- Clear page-specific context before next page
- Return summary only (not full data)
Resumability: if interrupted, `/webrecon --resume` reads `.state/progress.json` and continues from the last completed page.
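The resume logic can be sketched as a filter over the enumerated URL list, assuming `progress.json` records completed URLs under a `completed` key (an illustrative schema, not the tool's actual one):

```python
import json
from pathlib import Path

def pending_urls(urls, state_file):
    """Return only the URLs not yet marked complete in progress.json."""
    state = Path(state_file)
    completed = set()
    if state.exists():
        completed = set(json.loads(state.read_text()).get("completed", []))
    return [u for u in urls if u not in completed]
```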
## Chrome DevTools MCP Reference

Key tools available:

Navigation:

- `navigate_page` - Go to URL
- `new_page` / `close_page` - Tab management
- `list_pages` / `select_page` - Multi-tab handling

Inspection:

- `take_screenshot` - Capture page
- `take_snapshot` - Get DOM/accessibility tree
- `evaluate_script` - Run JavaScript

Network:

- `list_network_requests` - Get all requests
- `get_network_request` - Get request/response details

Performance:

- `performance_start_trace` / `performance_stop_trace` - Record traces
- `performance_analyze_insight` - Get performance insights
## Best Practices

- Run the Chrome launcher first: always start Chrome instances before auditing
- Use the appropriate mode: `quick` for rapid checks, `deep` for thorough analysis
- Design-deep for replication: use `--design-deep` when you need to recreate the design
- Check diffs: use `/webrecon diff` to track changes over time
- Review filtered pages: customize include/exclude if defaults miss important pages