Agent skill

using-web-search

Use when researching best practices, tutorials, and expert opinions using WebSearch and WebFetch tools - assesses source authority and recency to synthesize findings with citations

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/devops/using-web-search

SKILL.md

Using Web Search

Use this skill when researching best practices, tutorials, and expert opinions using WebSearch and WebFetch tools.

Core Principles

  • Search with specific, current queries
  • Fetch promising results for detailed analysis
  • Assess source authority and recency
  • Synthesize findings with citations

Workflow

1. Craft Search Query

Be specific and current:

python
# ❌ Vague
WebSearch(query="authentication best practices")

# ✅ Specific
WebSearch(query="OAuth2 JWT authentication Node.js 2024")

Query patterns:

  • Technology + use case + year: "React server-side rendering 2024"
  • Problem + solution: "avoid N+1 queries GraphQL"
  • Comparison: "REST vs GraphQL microservices 2024"
  • Pattern: "repository pattern TypeScript best practices"

Account for current date:

  • Current date from : Check "Today's date"
  • Use current/recent year in queries
  • Avoid outdated year filters (e.g., don't search "2024" if it's 2025)

2. Domain Filtering

Include trusted sources:

python
# Focus on specific domains
WebSearch(
    query="React performance optimization",
    allowed_domains=["react.dev", "web.dev", "kentcdodds.com"]
)

Block unreliable sources:

python
# Exclude low-quality sites
WebSearch(
    query="TypeScript patterns",
    blocked_domains=["w3schools.com", "tutorialspoint.com"]
)

Trusted sources by category:

Frontend:

  • react.dev, web.dev, developer.mozilla.org
  • kentcdodds.com, joshwcomeau.com, overreacted.io

Backend:

  • martinfowler.com, 12factor.net
  • fastapi.tiangolo.com, docs.python.org

Architecture:

  • microservices.io, aws.amazon.com/blogs
  • martinfowler.com, thoughtworks.com

Security:

  • owasp.org, auth0.com/blog, securityheaders.com

3. Fetch and Analyze

Use WebFetch for detailed content:

python
# Fetch specific article
content = WebFetch(
    url="https://kentcdodds.com/blog/authentication-patterns",
    prompt="Extract key recommendations for authentication patterns, including code examples and security considerations"
)

Fetch prompt patterns:

  • "Extract key recommendations for [topic]"
  • "Summarize best practices with code examples"
  • "List security considerations and common pitfalls"
  • "Compare approaches mentioned with pros/cons"

4. Authority Assessment

Evaluate sources:

markdown
Source: Kent C. Dodds - Authentication Patterns (2024)
Authority: ⭐⭐⭐⭐⭐
- Industry expert, React core contributor
- Recent publication (Jan 2024)
- Cited by 50+ articles
- Production examples from real apps

Authority indicators:

  • ✅ Known experts in field
  • ✅ Official documentation
  • ✅ Recent publication dates
  • ✅ Specific, detailed examples
  • ✅ Acknowledges trade-offs

Red flags:

  • ❌ No author/date
  • ❌ Generic advice without context
  • ❌ No code examples
  • ❌ Outdated libraries/patterns
  • ❌ Copy-pasted content

Reporting Format

Structure findings as:

markdown
## Web Research Findings

### 1. Authentication Best Practices

**Source:** Auth0 Blog - "Modern Authentication Patterns" (2024-10-15)
**Authority:** ⭐⭐⭐⭐⭐ (Official security vendor documentation)
**URL:** https://auth0.com/blog/authentication-patterns

**Key Recommendations:**

1. **Token Storage**
   > "Never store tokens in localStorage due to XSS vulnerabilities. Use httpOnly cookies for refresh tokens."

   - ✅ Refresh tokens → httpOnly cookies
   - ✅ Access tokens → memory only
   - ❌ localStorage for sensitive data

2. **Token Rotation**
   ```javascript
   // Recommended pattern
   const rotateToken = async (refreshToken) => {
     const { access, refresh } = await api.rotate(refreshToken)
     invalidateOldToken(refreshToken)
     return { access, refresh }
   }

Trade-offs:

  • Memory-only tokens lost on refresh (need refresh flow)
  • HttpOnly cookies require CSRF protection
  • Complexity vs. security balance

2. Performance Optimization

Source: web.dev - "React Performance Guide" (2024-08) Authority: ⭐⭐⭐⭐⭐ (Google official web platform docs) URL: https://web.dev/react-performance

Findings:

  1. Code Splitting

    • Lazy load routes: 40% faster initial load
    • Use React.lazy() + Suspense
    • Combine with route-based splitting

  2. Memoization Strategy

    • useMemo for expensive computations (>16ms)
    • useCallback only when passed to memoized children
    • Don't over-optimize - measure first

Benchmarks cited:

  • Code splitting: 2.1s → 1.3s load time
  • Proper memoization: 15% render reduction

## Search Strategies

### Pattern Discovery
```python
WebSearch(query="factory pattern TypeScript best practices 2024")

Problem Solutions

python
WebSearch(query="prevent race conditions React useEffect")

Technology Comparisons

python
WebSearch(query="Prisma vs TypeORM PostgreSQL 2024")

Migration Guides

python
WebSearch(query="migrate Express to Fastify performance")

Anti-Patterns

Don't: Search without year context ✅ Do: Include current year for recent practices

Don't: Accept first result without verification ✅ Do: Fetch 2-3 sources, compare findings

Don't: Copy recommendations without understanding ✅ Do: Synthesize findings, note trade-offs

Don't: Skip source credibility check ✅ Do: Assess authority, recency, specificity

Citation Format

Always cite findings:

markdown
**Recommendation:** Use dependency injection for testability

Source: Martin Fowler - "Inversion of Control Containers" (2023)
URL: https://martinfowler.com/articles/injection.html
Authority: ⭐⭐⭐⭐⭐ (Industry thought leader, 20+ years)

Quote: "Constructor injection makes dependencies explicit and enables testing without mocks."

Example Session

python
# 1. Search for auth patterns
results = WebSearch(
    query="JWT refresh token rotation Node.js 2024",
    allowed_domains=["auth0.com", "oauth.net"]
)
# → Found 5 articles from Auth0, OAuth.net

# 2. Fetch most promising
article1 = WebFetch(
    url="https://auth0.com/blog/refresh-tokens-rotation",
    prompt="Extract token rotation implementation patterns and security considerations"
)
# → Got detailed rotation strategy with code

# 3. Fetch second source for comparison
article2 = WebFetch(
    url="https://oauth.net/2/refresh-tokens/",
    prompt="Summarize OAuth2 refresh token best practices"
)
# → Got official OAuth2 spec recommendations

# 4. Search for implementation gotchas
gotchas = WebSearch(
    query="JWT refresh token common mistakes pitfalls"
)
# → Found 3 articles on common errors

# 5. Synthesize findings
# Compare sources, note consensus vs. disagreement
# Highlight trade-offs and context-specific advice

Quality Indicators

High-quality findings have:

  • ✅ Multiple authoritative sources agree
  • ✅ Publication dates within last 2 years
  • ✅ Specific code examples with explanation
  • ✅ Acknowledges trade-offs and context
  • ✅ Cites benchmarks or case studies

Reconsider if:

  • ❌ Only one source found
  • ❌ Sources conflict without explanation
  • ❌ Generic advice without specifics
  • ❌ Outdated patterns (>3 years old for web)
  • ❌ No consideration of modern alternatives

Didn't find tool you were looking for?

Be as detailed as possible for better results