EvoWeb.ai Website Builder
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: evoweb-ai Version: 1.0.10 The OpenClaw skill bundle is designed to interact with the EvoWeb.ai service for website generation. The `SKILL.md` file contains instructions for the AI agent to make API calls to `https://api.evoweb.ai/` and to construct registration links for users without an API key. It correctly instructs the agent to use the `EVOWEB_API_KEY` environment variable for authentication with the EvoWeb.ai API. There is no evidence of malicious intent, such as unauthorized data exfiltration, local command execution, persistence mechanisms, or instructions for the agent to perform actions beyond the stated purpose of integrating with EvoWeb.ai. All network calls are directed to the legitimate EvoWeb.ai domain, and user input is handled appropriately (e.g., URL-encoded for links).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may use the user's EvoWeb account access to create website generation tasks and possibly consume account credits.
The skill uses an EvoWeb API key to act on the user's EvoWeb account, which is expected for the service but still grants delegated account authority.
Include this header in all requests: ``` Access-Token: your-api-key-here ```
Use an API key intended for this service, keep it private, and revoke or rotate it if no longer needed.
A website may be generated and made available through EvoWeb based on the prompt provided.
The skill instructs the assistant to call an external API that creates a new website. This is central to the skill's purpose, but it is a mutating action.
Call `POST /sites` with the enhanced prompt.
Review the business description before asking the assistant to create the site, especially if the content should not be public.
Business or project details placed in the prompt may be shared with EvoWeb and appear in a URL.
If no API key is available, the skill embeds the user's website prompt in an EvoWeb registration URL, sending that description to the external provider when used.
Add parameter: `&prompt=[URL_ENCODED_PROMPT]`
Avoid putting confidential business plans, personal data, or secrets in the website prompt or registration link.