WebsitePublisher
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can create or change website pages and assets that may become visible on a live website.
The skill is explicitly intended to create and publish live website content through API calls. This is purpose-aligned, but it means the agent can make public-facing changes.
Build and publish complete websites via WebsitePublisher.ai. Create pages, upload assets, manage dynamic data (products, team members, blog posts), configure contact forms, and publish to a live URL
Use it with a dedicated project where possible, review important public-facing changes, and be cautious with delete or bulk operations.
Anyone or any agent process with access to the configured token may be able to act on the selected WebsitePublisher.ai project.
The skill requires a provider API token and project identifier so it can authenticate to WebsitePublisher.ai. This is expected for the service integration.
- `WEBSITEPUBLISHER_TOKEN` — API token (starts with `wpa_`)
- `WEBSITEPUBLISHER_PROJECT` — Project ID
Store the token securely, use the least-privileged token available, rotate it if exposed, and configure it only for the intended project.
A mistaken bulk update or deletion could affect multiple parts of the configured website project.
The API reference includes bulk and delete operations. These are consistent with website management, but mistakes could affect multiple live pages or assets.
| Delete page | DELETE | `/papi/project/{id}/pages/{slug}` |
| Bulk create | POST | `/papi/project/{id}/pages/bulk` |
Confirm destructive or bulk changes before running them, and use the listed versioning or rollback features if an unwanted change occurs.
