ClawHub

one line HTTP static server

v2026.3.10

Start a local HTTP static file server in the current or specified directory using one-line commands compatible with 25+ languages and tools, auto-detecting r...

0· 209·1 current·1 all-time
by浮生@flowerwrong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (one-line HTTP static server) matches the content: SKILL.md and references provide one-liner commands across many runtimes. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
The runtime instructions are focused on detecting available runtimes, choosing an option (default Python 3), and returning an exact one-liner. They do recommend commands that change networking exposure (binding to 0.0.0.0) and use package managers/remote registries (npx, go run, deno run, pip, cargo, etc.) and Docker mounts; these are expected for the task but are worth calling out because they can fetch/execute remote code or expose files to containers or the LAN.
Install Mechanism
Instruction-only skill with no install spec and no code files. The skill itself does not write or install anything. It does suggest developer tooling commands that, when executed by a user/agent, may install or run packages from registries — that is appropriate for this utility but not performed by the skill itself.
Credentials
The skill requests no environment variables or credentials. It only asks the agent to detect available runtimes (e.g., `python3 --version`) and confirm port/directory, which is proportionate to its purpose.
Persistence & Privilege
always is false and there are no install hooks or modifications to other skills or system config. Autonomous invocation is allowed (default) but this is normal for skills; no elevated persistence is requested.
Assessment
This skill is an instruction-only guide for starting local static servers and appears internally consistent. Before running any suggested command, confirm the port and directory. Be aware that several recommended one-liners will fetch or execute code from remote package registries or start containers (e.g., npx, go run, deno run, pip/cargo installs, docker run) — only run those if you trust the upstream packages. Also note bind addresses like 0.0.0.0 expose the server to your LAN; use 127.0.0.1 or bind to a specific IP if you only want local access. Prefer read-only Docker mounts when sharing files into containers and inspect any unfamiliar commands before executing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bspr2qmhxqmjjwmqwhxb6v182stt5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments