Netlify
v1.0.0Use the Netlify CLI (netlify) to create/link Netlify sites and set up CI/CD (continuous deployment) from GitHub, especially for monorepos (multiple sites in one repo like Hugo sites under sites/<domain>). Use when Avery asks to deploy a new site, connect a repo to Netlify, configure build/publish settings, set environment variables, enable deploy previews, or automate Netlify site creation.
⭐ 2· 2.9k·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's name/description match the included scripts and SKILL.md: it automates creating/linking Netlify sites and adding netlify.toml for Hugo subfolders. However, the metadata declares no required binaries or credentials even though the instructions and scripts clearly rely on the Netlify CLI and suggest using NETLIFY_AUTH_TOKEN for non-interactive runs. This omission is an inconsistency (not necessarily malicious) that reduces transparency.
Instruction Scope
The SKILL.md and scripts limit actions to creating a netlify.toml in the target folder, running netlify sites:create, netlify link, and netlify init (interactive GitHub connection). There are no instructions to read unrelated system files or exfiltrate data. Note: netlify init will connect to GitHub and may initiate OAuth/permissions on your repositories, which is in-scope for deploying to Netlify but worth user awareness.
Install Mechanism
There is no install spec (instruction-only plus two small helper scripts). No remote downloads or package installs are invoked by the skill itself, so there is low installation risk. The included scripts are small, readable bash scripts that create a netlify.toml and shell out to the netlify CLI.
Credentials
The skill metadata lists no required environment variables or primary credential, but the SKILL.md and scripts recommend or expect NETLIFY_AUTH_TOKEN (and implicitly will trigger a GitHub OAuth/connection via netlify init). The skill therefore asks for or uses credentials (Netlify token and GitHub account access) without declaring them, which is a transparency and proportionality concern.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. Its actions are limited to the repo/site directory (writing netlify.toml) and invoking the Netlify CLI—normal for deployment tooling.
What to consider before installing
This skill appears to be a straightforward Netlify CLI helper, but the package metadata omits important runtime dependencies and credential needs. Before installing or running: 1) Confirm you have the netlify CLI installed locally and test it manually (netlify --version, netlify status). 2) Do not paste long-lived secrets into chat — pass NETLIFY_AUTH_TOKEN only in a secure environment variable and prefer a token with minimal scopes. 3) Be aware netlify init will connect to GitHub and may request repo access/OAuth; verify which GitHub account and scopes are used. 4) Review and possibly edit the netlify.toml the script writes (it will modify your repo directory). 5) Because the metadata didn't declare these requirements, consider treating the skill as untrusted until you confirm the environment and tokens it will use; run the scripts in a controlled test repo or sandbox first.Like a lobster shell, security has layers — review code before you run it.
cicdvk977q5ypjk6gxh46smt7e2yhwh80c5y2deploymentvk977q5ypjk6gxh46smt7e2yhwh80c5y2hostingvk977q5ypjk6gxh46smt7e2yhwh80c5y2latestvk977q5ypjk6gxh46smt7e2yhwh80c5y2monorepovk977q5ypjk6gxh46smt7e2yhwh80c5y2netlifyvk977q5ypjk6gxh46smt7e2yhwh80c5y2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.