ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

instruction-web

v1.0.0

生成包含截图占位符和操作步骤的美观Web界面操作指南HTML页面,介绍软件功能及导入智能体教程。

0· 290·0 current·0 all-time
by@2239721014-ops

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 2239721014-ops/instruction-web.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "instruction-web" (2239721014-ops/instruction-web) from ClawHub.
Skill page: https://clawhub.ai/2239721014-ops/instruction-web
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install 2239721014-ops/instruction-web

ClawHub CLI

Package manager switcher

npx clawhub@latest install instruction-web
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated goal—creating stylized HTML web UI guides with screenshot placeholders—matches the SKILL.md. However the SKILL.md embeds a hard-coded default GitHub repo (2239721014-ops/ai-hardwork-report) and specific output path under ~/.openclaw/workspace-aiquanzi/workplace-doc/. Those repository defaults are not explained by the skill's description and appear arbitrary; writing/committing to a third-party repo is not necessary to generate a local HTML guide and is disproportionate to the claimed purpose.
!
Instruction Scope
Runtime instructions require generating files in a specific local path and performing git add/commit/push to a particular repo, then relying on jsDelivr/htmlpreview to publish and preview the page. That means the skill will (if allowed to act) create files on disk and attempt to publish them to external services—potentially exposing sensitive content. The SKILL.md also mandates automatic triggering on a set of keywords, which grants broad invocation scope; combined with push instructions this increases the risk of accidental public disclosure. The instructions do not limit what content must be avoided, nor do they require user confirmation before publishing.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code, so there is no package download or installation risk from this bundle itself.
!
Credentials
requires.env lists nothing, yet the flow expects git push and using GitHub/jsDelivr which require Git credentials and a repo the user can push to. The skill does not declare or justify any required credentials, nor does it explain how authentication is handled. The presence of a preconfigured third-party repo (and jsDelivr URL template pointing to that repo) is disproportionate and could cause data to be pushed to someone else's repository if defaults are used.
Persistence & Privilege
The skill is not always-enabled and doesn't request special platform privileges. However SKILL.md explicitly says it 'must' auto-trigger on certain keywords; autonomous invocation is allowed by platform defaults but this wording creates a strong expectation of automatic runs on casual user phrases. That combined with publishing behavior increases risk—recommend explicit user confirmation before any push.
What to consider before installing
This skill will generate HTML guides and (per its instructions) write files into ~/.openclaw/.../workplace-doc and try to commit & push them to a specific GitHub repo so they become available via jsDelivr/htmlpreview. Before installing or enabling: (1) Do not rely on the defaults — change the default repo to a repository you control or remove the automatic push step. (2) Require explicit user approval before any git commit/push or public upload; do not allow automatic publishing on keyword triggers. (3) Verify the git remote and credentials the agent would use — the skill declares no credentials but expects push capability. (4) Avoid including any sensitive information (API keys, internal screenshots) in generated pages. (5) If you cannot confirm the intended repository is yours and that the agent will obtain explicit consent before publishing, treat this skill as risky and do not enable autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk978cm0yx0s3954x997bt208r982y0cw
290downloads
0stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@2239721014-ops
latest
Download

Instruction Web Publisher

创建 Web 界面操作指南网页的完整工作流。

⚠️ 输出目录规则(重要)

生成的 HTML 文件必须统一放到 workplace-doc 文件夹,不要散落在其他位置。

示例路径:

/Users/jasperchen/.openclaw/workspace-aiquanzi/workplace-doc/xxx.html

适用场景

  • 创建 Web UI 操作指南
  • 介绍软件界面和功能
  • 制作导入智能体/Agent 的教程页面
  • 生成图文并茂的使用说明

⚠️ 触发条件(重要)

当用户发送以下内容时,必须自动触发此skill:

  • 包含"创建指南"、"操作说明"、"界面介绍"
  • 包含"Web教程"、"UI介绍"、"使用手册"
  • 包含"如何导入"、"导入智能体"、"导入Agent"
  • 要求创建介绍某个Web界面的网页

重要:内容排版要求

  • 必须图文并茂,不能是纯文字
  • 需要包含截图占位符、图标、UI元素示意图
  • 排版要美观专业,适合在线阅读
  • 使用卡片式布局、徽章、代码块、步骤条等元素
  • 重点突出导入智能体的操作步骤

工作流程

1. 收集需求

与用户确认:

  • 要介绍的软件/Web界面名称
  • 主要功能列表
  • 导入智能体的具体步骤
  • 是否需要包含截图(用户提供或使用占位符)

2. HTML 生成

生成美观的 HTML 页面,包含:

  • Hero 区域(软件名称、Logo、标语)
  • 功能介绍卡片
  • 步骤指南(带编号)
  • 代码块(用于命令示例)
  • 截图占位符区域
  • FAQ / 常见问题

3. 推送到 GitHub

cd <repo-path>
git add <file>
git commit -m "Add: <title> guide"
git push

4. 生成国内访问链接

使用 jsDelivr CDN:

https://cdn.jsdelivr.net/gh/<username>/<repo>@main/<filename>

预览链接:

https://htmlpreview.github.io/?<jsdelivr-url>

输出格式

完成后向用户返回:

  1. jsDelivr 国内镜像链接(主要)

Comments

Loading comments...