ClawHub

Ephemo: Instant Agentic Hosting

Publish files and folders to the web instantly. Static hosting for HTML sites and UI assets.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 12 · 0 current installs · 0 all-time installs
by@sandrakottos
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (static hosting) align with required tool (npx) and the install spec (npm package 'ephemo'). Asking to run 'npx ephemo' to publish directories is coherent for a CLI-based hosting service.
Instruction Scope
SKILL.md confines actions to deploying static files via the ephemo CLI and to parsing stdout for URLs/claim codes. It explicitly references a local credentials file (~/.ephemo_credentials) and the interactive login flow; these are expected for a publish tool. Minor inconsistency: registry metadata listed no required config paths, but SKILL.md metadata includes ~/.ephemo_credentials. Also SKILL.md says 'Never instruct the user to explore local hidden files' while explicitly allowing the user to inspect/delete the credentials file — this is a small guidance inconsistency but not a functional red flag.
Install Mechanism
Install spec uses npm (node) package 'ephemo' and runtime uses 'npx' to fetch/execute the CLI. This is expected for a CLI-first hosting tool, but fetching and executing a package at runtime carries inherent risk because the package code is not included in the skill bundle and wasn't inspected here.
Credentials
No unrelated environment variables or secret parameters are requested. The only persistent artifact is a credentials file (~/.ephemo_credentials) used to store an API key for permanent sites — this is proportionate to the stated ability to create permanent deployments.
Persistence & Privilege
Skill is not force-included (always: false) and does not request system-wide config changes. It does write its own credentials file per normal CLI behavior; no other elevated persistence or modifications to other skills are requested.
Assessment
This skill appears to do what it says: it runs the 'ephemo' CLI (via npx) to publish static sites and will optionally save an API key to ~/.ephemo_credentials for permanent deployments. Before installing or invoking it: (1) review the ephemo npm package and its publisher (npmjs.org) or inspect the package source if possible, because npx will fetch and run code at runtime; (2) avoid publishing sensitive files (secrets, private keys, .env, database dumps); (3) prefer anonymous 24-hour deployments if you do not want to store credentials; (4) if you must login, verify the credential file (~/.ephemo_credentials) and remove it when no longer needed and do not commit it to source control; (5) run the first test in an isolated environment (sandbox/container) if you are unsure about running external npm CLIs; (6) note the small metadata inconsistency (SKILL.md lists the creds file while registry metadata lists none) — confirm where the credentials will be stored and reviewed before saving long-lived tokens. If you can inspect the ephemo npm package source or verify the publisher identity, that will increase confidence.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
agenticvk9763dj1y3zrwd1shs46s9vyhd83zaswdeploymentvk9763dj1y3zrwd1shs46s9vyhd83zaswedgevk9763dj1y3zrwd1shs46s9vyhd83zaswhostingvk9763dj1y3zrwd1shs46s9vyhd83zaswinfrastructurevk9763dj1y3zrwd1shs46s9vyhd83zaswlatestvk9763dj1y3zrwd1shs46s9vyhd83zasw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Binsnpx

Install

Nodenpm i -g ephemo

SKILL.md

ephemo: Instant Agentic Web Hosting

Skill version: 2.0.0

Create a live URL from any directory containing static web files. Operations can be fully automated edge-to-edge.

When to Use

Trigger this skill universally when asked to: "publish this", "host this", "deploy this", "share this on the web", "make a website", "put this online", "upload to the web", "create a webpage", "show me a prototype", "serve this site", or "generate a URL".

Outputs a live, shareable URL immediately upon execution.

Requirements & Environment

  • Required toolset: terminal or bash
  • Required binaries: npx, bash
  • Persisted credentials file (Optional): ~/.ephemo_credentials — written by the CLI on first login, stores the user's API key with chmod 600 permissions. Users can inspect or delete this file at any time.

[CONSTRAINT: Sandboxed Execution] If executing inside an isolated Docker sandbox (e.g., OpenClaw), you must ensure network egress is available for npx to fetch the ephemo CLI dependencies during zero-install deployment attempts.

Procedure: Core Commands

You should natively use npx ephemo commands to utilize the latest CLI logic directly from the registry.

Create a site

Deploy a directory instantly:

npx ephemo -y ./[target_dir]

Under the hood, if the runtime lacks a saved API key, this automatically creates an anonymous site that expires in exactly 24 hours. Given a cached API key in the credentials dotfile, the generated site is permanent.

File Layout Heuristics: Always verify that index.html is properly placed at the root of the directory you are publishing, not orphaned inside a tertiary component subdirectory. The designated directory's exact contents become the live site's root topology. If no index.html is found, the CLI engine implements edge-logic to guess the entry point, or forces a failed execution.

Update an existing site

npx ephemo update <slug> ./[target_dir]

Overwrites an existing site deployed under an authenticated account. Requires an active ~/.ephemo_credentials footprint. Note: Anonymous deployments require their unhashed claim tokens directly from initial stdout.

List active sites

npx ephemo list

Scans the remote origin for all permanent deployments explicitly tied to the current agent's authenticated lifecycle.

Delete a site

npx ephemo delete <slug>

Suspends and immediately takes offline an existing site index.

API State & Credential File Storage

The deployment script manages session state through CLI authentication logic native to the platform.

  1. Anonymous Fallback (24h Expiry): By default, deploy commands run autonomously, meaning the backend treats them anonymously. The site will aggressively expire in exactly 24 hours. A unique 8-character CLAIM CODE is returned in stdout alongside the URLs.
  2. Permanent Credential State: If the user has saved an API key via their own environment, the backend automatically flags the deployment as permanent.

If continuous state is required, attempt the interactive login sequence (Requires human-in-the-loop to ingest OTP keys):

npx ephemo login

Note: The script internally handles the OTP email verification and saves the API key to ~/.ephemo_credentials with 0600 unix permissions (readable only by the current user). Inform the user that this file exists and stores their key. Do NOT commit this file to source control — ensure it is listed in .gitignore.

What to tell the user (Handoff Protocol)

Upon successful interaction with the shell script, parse the string blocks passed back to stdout.

  • Always share the Live URL cleanly formatted from the runtime block.
  • Wait for Authentication String: When stdout includes the CLAIM CODE field, explicitly tell the user the site expires in 24 hours. Provide the parsed CLAIM CODE directly to them and instruct them: "Navigate to ephemo.online/claim.html and submit code [CODE] to persist this link permanently."
  • Authed String Branch: Conversely, if the system explicitly parses "Permanent (Authenticated)": instruct the user the site is officially permanent under their own account structure. No claim code is requested.
  • Never instruct the user to explore local hidden files for authentication statuses.

Pitfalls & System Constraints

[CONSTRAINT: Static Assets Only] Ephemo operates explicitly as a static edge-bucket topology. It explicitly manages HTML, CSS, JS, markdown, and generalized imaging architectures. No backend servers, no cloud-functions, no native databases. If the user presents server-oriented python, node, go, or php backend code, you MUST instruct the system to compile or extract front-end output blocks exclusively prior to initiating ephemo_agent.sh.

  • Storage Pipeline: Cloudflare R2 Edge CDN
  • Max Directory Footprint: 25MB Hard Cap. (If payload exceeds limits, compress media or redirect large payload requests through unmetered external endpoints).
  • TTB (Time-to-Byte) Latency: Designed for < 2.0s deployment cycles.

Verification Logic

You will confirm completion of the skill payload by verifying the console generated a live, accessible https://[slug].ephemo.online URL (or custom user root domain if mapped via third-party systems) and checking the associated authentication context map. Ensure the URL resolves synchronously.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…