ClawHub

Website Manager

v1.0.6

Create, recreate, redesign, publish, and operate websites managed from Notion, including blogs, CMS-driven sections, widgets, filtering/search interactions,...

1· 63·0 current·0 all-time
byPrompt Circle@hollaugo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description target Notion-backed site creation, management, and Netlify deployment; the included scripts call only Notion and Netlify APIs and perform site validation and blueprinting — all directly relevant to the stated purpose.
Instruction Scope
SKILL.md explicitly restricts secret usage to user-requested automated CMS provisioning, sync, or deploys. The runtime instructions read local reference files and call helper scripts that perform network operations and write non-secret JSON metadata. This is expected, but those operations will modify remote resources (create Notion databases/pages, create Netlify sites/deploys) and write local runtime files, so user consent is required before performing those privileged actions.
Install Mechanism
No install spec or third-party downloads; scripts are included in the repo and use standard Python stdlib (urllib, zipfile, tempfile). No high-risk remote installs or archived code downloads were found.
Credentials
The primary credential (NOTION_ACCESS_TOKEN) and optional NETLIFY_AUTH_TOKEN are appropriate for the requested operations. Minor metadata inconsistency: SKILL.md metadata lists primaryEnv as NOTION_ACCESS_TOKEN but runtime_metadata.primary_credentials lists both NOTION_ACCESS_TOKEN and NETLIFY_AUTH_TOKEN — this is a small mismatch but not a functional red flag. The skill does not request unrelated secrets.
Persistence & Privilege
The skill will perform outbound network requests and persistent_file_writes (persisting non-secret IDs to .website-manager/*.json) and can create remote resources (Notion DBs, Netlify sites/deploys). always:false (not force-included) and model invocation is allowed (platform default). These privileges match the skill's purpose but warrant explicit user confirmation before automated runs.
Assessment
This skill appears to do what it says: blueprint sites, create/sync a Notion CMS, validate built output, and optionally deploy to Netlify. Before using it: 1) Only provide NOTION_ACCESS_TOKEN / NOTION_TOKEN and NETLIFY_AUTH_TOKEN when you explicitly ask the agent to provision CMS or run automated deploys. 2) Use least-privileged tokens (Notion internal integration shared to a single parent page; Netlify token limited to deploy scope). 3) Review .website-manager/notion.json and .website-manager/deploy.json before committing or syncing them — they should contain IDs/URLs only. 4) Remember the scripts will create remote resources (databases/pages on Notion, sites/deploys on Netlify); run them in a safe/test workspace first and revoke tokens when finished if you have concerns. 5) The runtime_metadata slightly inconsistently lists Netlify as a primary credential as well; confirm with the maintainer if you need stricter metadata before automated use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9720nr8q3m4xjwcp524sb0q25840mfe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
Primary envNOTION_ACCESS_TOKEN

Comments