Ai Website Manager

This skill is coherent with its stated purpose (building Next.js + Sanity + Vercel sites) and is instruction-only, which reduces installer risk. Before installing or using it: - Treat API tokens carefully. The skill will ask you (during the guided flow) to create tokens for GitHub, Vercel, and Sanity so the site can be automated. This is expected, but follow least-privilege and short-lifetime practices: prefer tokens with minimal scopes, set expirations when possible, and rotate/revoke tokens if compromised. Avoid creating "no expiration" tokens unless you understand the risk. - Never paste secrets into chat. The SKILL.md warns against pasting tokens into chat — follow that. If the assistant asks for a token in chat, stop and instead store it locally in your project (e.g., .env.local) and ensure .env.local is in .gitignore. - Validate token scopes: GitHub PATs should be limited (repo scope or repo:status/workflow only as needed); Vercel tokens should be scoped to the specific project/team and set to expire; Sanity tokens should use the least privilege (read-only for most runtime uses; create editor tokens only when necessary and revoke when done). - Verify the source: the skill's homepage is missing and the owner is an unknown ID. If you plan to use it for production work or to give automation tokens, prefer skills from known publishers or run initial tests in throwaway/demo accounts. - Manual alternative: if you prefer not to provide automation tokens, you can still follow the skill's step-by-step guidance and run the commands yourself (create the repo, run npx create-next-app, push to GitHub, and deploy to Vercel) without granting any automated access. If you want more specific security advice, say whether you'll use real production accounts or temporary/test accounts and I can recommend exact token scopes and a step-by-step safe setup (including how to rotate tokens and verify .gitignore).