amhuppert/claude/ai-resources-plugin/skills/setup-perf-stack
claude/ai-resources-plugin/skills/setup-perf-stack/SKILL.md
--- name: setup-perf-stack description: Bootstrap web performance debugging tooling: install chrome-devtools-mcp and related MCP servers/skills. disable-model-invocation: true --- # Setup: Performance Debugging Stack Bootstrap the MCP servers and skills required for Claude Code to autonomously investigate performance issues in web applications. This skill only handles **installation**. For the actual investigation workflow (the reproduce → capture → analyze → fix → validate loop, framework-sp
$ install --global
skillsauthnpx skillsauth add amhuppert/my-ai-resources claude/ai-resources-plugin/skills/setup-perf-stackInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 7, 2026, 3:47 AM138.4s1 file scanned
SKILL.md
- name:
- setup-perf-stack
- description:
- Bootstrap web performance debugging tooling: install chrome-devtools-mcp and related MCP servers/skills.
- disable-model-invocation:
- true
Setup: Performance Debugging Stack
Bootstrap the MCP servers and skills required for Claude Code to autonomously investigate performance issues in web applications.
This skill only handles installation. For the actual investigation workflow (the reproduce → capture → analyze → fix → validate loop, framework-specific rules, per-scenario playbooks), use the investigate-web-perf skill once setup is complete.
What This Skill Installs
The anchor is chrome-devtools-mcp — it wraps Puppeteer + CDP and exposes performance_analyze_insight, which compresses a ~30 MB Chrome trace into a ~4 KB summary across 18 named insights (LCPBreakdown, INPBreakdown, ForcedReflow, DuplicatedJavaScript, CLSCulprits, etc.). Without this compression, raw traces blow the context window. Everything else layers on top.
| Component | Role | Required? |
|-----------|------|-----------|
| chrome-devtools-mcp | Lab traces, CDP, insights, Lighthouse-in-MCP | Yes |
| Chrome DevTools Skills plugin | Curated LCP + a11y workflows that prevent Perf-API hallucinations | Yes |
| next-devtools-mcp | Next.js 16+ dev-server bridge, route tree, Suspense automation | Next.js 16+ only |
| @danielsogl/lighthouse-mcp | Batch scoring + regression diff | Optional; CDT MCP has lighthouse_audit |
| react-scan dev dep | Runtime render profiler (successor to why-did-you-render) | React projects |
| Dedicated Chrome debug profile | Required for authenticated sites (Chrome 136+ blocks default profile) | Auth flows only |
Before You Start
Ask the user (or infer from the repo) and confirm:
- Framework — Next.js 16+ / Next.js 15 / plain React / Vite / other. Only install
next-devtools-mcpfor Next.js 16+. - Auth — Does the perf scenario require logging in? If yes, do step 5.
- Scope — User-level (
--scope user, every project inherits) or project-level (--scope project, only this repo). Default touserfor the core tools.
Never install speculatively. Each MCP costs ~13–18k tokens of tool definitions per session; a minimal stack is the right default.
Step 1 — Install the Anchor: chrome-devtools-mcp
claude mcp add chrome-devtools --scope user -- npx chrome-devtools-mcp@latest
Privacy-sensitive or offline contexts:
claude mcp add chrome-devtools --scope user -- npx chrome-devtools-mcp@latest --no-performance-crux --no-usage-statistics
WSL: Chrome must be installed inside the Linux distro, not via the Windows host. Check with which google-chrome.
Step 2 — Install the Chrome DevTools Skills Plugin
These are the curated skills Google ships alongside the MCP. They encode the capture→analyze loop and counter the documented failure mode where models hallucinate non-existent Performance-API calls (chrome-devtools-mcp#1114).
/plugin marketplace add ChromeDevTools/chrome-devtools-mcp
/plugin install chrome-devtools-mcp@chrome-devtools-mcp
This brings in at minimum: chrome-devtools-cli, debug-optimize-lcp, and the accessibility debug skill.
Step 3 — Framework-Specific MCP (Next.js 16+ Only)
Bridges the /_next/mcp dev-server endpoint for route/Suspense/compile-error introspection.
claude mcp add next-devtools --scope user -- npx -y next-devtools-mcp@latest
Skip this step for non-Next.js projects and for Next.js 15 or earlier.
Step 4 — Optional Lab Tooling
Lighthouse MCP (batch scoring, regression diffs, reusable prompts) — skip unless the user explicitly needs batch Lighthouse runs. chrome-devtools-mcp already exposes lighthouse_audit for one-off runs.
claude mcp add lighthouse --scope user -- npx @danielsogl/lighthouse-mcp@latest
react-scan as a dev dependency for in-browser render inspection:
npm install --save-dev react-scan
Optional convenience script for package.json:
"scripts": {
"scan": "react-scan http://localhost:3000"
}
Do not install: @million/lint (deprecated on npm), why-did-you-render for new projects (maintenance-only since Jan 2025), any community "react-scan MCP" (none is officially supported; the one on LobeHub is an unrelated static analyzer).
Step 5 — Dedicated Chrome Debug Profile (Auth Flows Only)
Chrome 136+ blocks remote debugging against the default profile. For any authenticated page, launch a dedicated profile:
google-chrome \
--remote-debugging-port=9222 \
--user-data-dir="$HOME/.chrome-debug"
Log in once in this profile (cookies persist across sessions), then reconfigure the MCP to attach to the running instance:
claude mcp remove chrome-devtools
claude mcp add chrome-devtools --scope user -- \
npx chrome-devtools-mcp@latest \
--browserUrl http://localhost:9222 \
--user-data-dir "$HOME/.chrome-debug"
Step 6 — Smoke-Test the Install
Ask the agent to record a trace against a known URL:
Record a reload trace of
https://example.comwith Slow 4G + 4× CPU. Callperformance_analyze_insightforLCPBreakdown. Report the LCP element and the dominant subpart.
Success signals:
- Agent calls
performance_start_tracewith emulation params, not freeformevaluate_script. - Agent calls
performance_analyze_insightwith a valid insight name from the fixed list of 18. - Agent receives a compact summary, not raw trace JSON.
Failure signals (reinstall steps 1–2):
- Agent invents
performance.getEntriesByType("largest-contentful-paint-v2")or similar non-existent APIs. - Agent dumps raw trace JSON into the response.
performance_analyze_insightis not available as a tool.
Once the smoke test passes, hand off to the investigate-web-perf skill for real work.
Troubleshooting
chrome-devtools-mcpprocess leak on Codex CLI — Open issueopenai/codex#17574. Long sessions leak helper processes consuming tens of GB of swap. Runpkill -f chrome-devtools-mcpbetween sessions until patched.- Context pollution — Each screenshot is ~2k tokens; verbose tool outputs degrade instruction-following past ~60% context. Use
/clearbetween unrelated perf investigations, delegate trace triage to subagents, prefer snapshots over screenshots. - Non-deterministic numbers — LCP/INP vary ±15–30% from CPU thermal state and GC. This is a property of the metric, not a setup issue. The
investigate-web-perfskill handles this by always pinning emulation and running N=3. - Authenticated page times out — You skipped step 5. Default profile debugging is blocked since Chrome 136.
- Agent hallucinates Perf-API methods — You skipped step 2. The curated skills exist specifically for this failure mode.
Community Skills Security Caveat
Snyk's ToxicSkills study found ~13% of community "awesome-skill" packages had critical security issues, some exfiltrating credentials. Review every SKILL.md and bundled script before installing community skills. Safe base: Anthropic's own skills/ repo, addyosmani/web-quality-skills, and skills bundled with ChromeDevTools/chrome-devtools-mcp.
Related Skills
amhuppert/hotkey-helper
tools
VerifiedTrustedCommunity
Use when picking or vetting a keyboard shortcut on macOS. Triggers include "what hotkey should I use for X", "is `<combo>` available", "does this shortcut conflict", "recommend a keybinding for…", "check `<combo>` against my setup", "pick a hotkey for…", or any mention of choosing/binding/changing a shortcut in WezTerm, tmux, Zed, Chrome, Claude Code, or macOS. Determines whether a proposed combo collides with OS-reserved bindings, app defaults, or the user's customizations, and recommends ergonomic alternatives when needed.
2SKILL.mdUpdated Jun 2, 2026
amhuppert/knip
development
VerifiedTrustedCommunity
Detect and remove dead code with knip. Use when the user asks to "run knip", "find unused files", "find unused exports", "find unused dependencies", "clean up dead code", "remove dead code", "set up knip", "configure knip", "knip.json", "knip false positive", "knip CI", or mentions a `knip` config, dependency bloat, bundle bloat from unused imports, or tree-shaking unused exports. Covers the configuration-first workflow, confidence-gated deletion, framework-specific gotchas (Next.js 15+, Tailwind, Storybook, Jest, Bun's test runner and `bun build --compile`), monorepos, CI integration, and performance tuning.
1SKILL.mdUpdated May 27, 2026
amhuppert/react-scan
tools
VerifiedTrustedCommunity
This skill should be used when the user asks to "set up react-scan", "install react-scan", "diagnose React re-renders", "find unnecessary renders", "find unstable props", "automate React render checks with Playwright", "react-scan + playwright", "measure component renders programmatically", "check why a React component is slow", or mentions React rendering issues, slow React interactions, render counts, or component-level perf attribution. Covers install across Next.js/Vite/Remix/script-tag/browser-extension, the lite headless API for CI, and the canonical render-attribution → fix → validate loop driven through Playwright.
1SKILL.mdUpdated May 20, 2026
amhuppert/knowledge-base-ingest
documentation
VerifiedTrustedCommunity
This skill should be used when integrating source material into a knowledge base, including when the user asks to "integrate this document into the knowledge base", "add this transcript to the memory bank", "ingest this document", "update the knowledge base", "analyze a new source document", or "sync current-state docs with this source".
1SKILL.mdUpdated May 17, 2026