ClawHub

Framer CRM API

v1.0.1

Framer CMS management via the Server API — list, create, read, update, and delete CMS collections and items, upload images, publish previews, deploy to produ...

0· 17·0 current·0 all-time
by@berthelol
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, required binaries (node, npm), and required env vars (FRAMER_PROJECT_URL, FRAMER_API_KEY) align with the stated Framer Server API CMS management purpose. Asking to install the 'framer-api' npm package is expected.
Instruction Scope
SKILL.md instructs the agent to read the user's environment or .env file and, during onboarding, to append credentials to the project's .env and run npm install/init. These actions are within scope for a CMS automation skill, but they involve reading and writing a credentials file and installing packages in the user's project — the user should confirm these operations and ensure secrets are handled safely. The skill explicitly warns to confirm before deploy, which is good.
Install Mechanism
This is an instruction-only skill (no install spec). The only install action described is running 'npm i framer-api' in the project, which is standard and traceable to npm. No arbitrary downloads or extract-from-URL steps are present in the skill instructions.
Credentials
The only required environment variables are FRAMER_PROJECT_URL and FRAMER_API_KEY (the primary credential). These are proportional to a skill that connects to a Framer project. The onboarding flow also appropriately recommends storing keys in .env and checking .gitignore.
Persistence & Privilege
Skill flags show no forced persistence (always: false) and normal autonomous invocation settings. The skill's runtime instructions write only to the project's .env and optionally install a package; it does not request system-wide configuration or modify other skills.
Assessment
This skill appears to be what it says: a Framer Server API helper. Before installing or running it, consider the following: 1) The skill's source/homepage is not provided — verify you trust the publisher before giving it access to project credentials. 2) It will ask you for FRAMER_PROJECT_URL and FRAMER_API_KEY and may write them into the local project's .env; ensure .env is in .gitignore and avoid committing secrets to version control. 3) The skill instructs running 'npm i framer-api' — review the 'framer-api' npm package (maintainer, downloads, code) yourself before installing. 4) Require the agent to prompt you for confirmation before performing impactful actions (publish/deploy, deletes, bulk operations). 5) Where possible create an API key with limited scope for automation and rotate/revoke keys if you stop using the skill. If you want higher assurance, ask the publisher for provenance (homepage, repo link) or prefer a skill whose source code you can audit.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c6y4bemmeewf058wf9x8xhs84a3hr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode, npm
EnvFRAMER_PROJECT_URL, FRAMER_API_KEY
Primary envFRAMER_API_KEY

Comments