ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Amys Website Factory

v1.0.0

Self-contained website factory skill for scaffold, build, test, deploy

0· 78·0 current·0 all-time
byKrzysztof@genortg

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for genortg/amys-website-factory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Amys Website Factory" (genortg/amys-website-factory) from ClawHub.
Skill page: https://clawhub.ai/genortg/amys-website-factory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install amys-website-factory

ClawHub CLI

Package manager switcher

npx clawhub@latest install amys-website-factory
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included payload: templates, scaffolding, verify and deploy scripts, and example sites are all present. The code and scripts are consistent with a website factory. However the skill's published metadata lists no required env vars or primary credential even though deploy/publish scripts accept VERCEL_TOKEN and call 'gh'/'vercel' CLIs — an omission that deserves attention.
!
Instruction Scope
SKILL.md tells the agent to run node index.js commands which wrap the bundled shell scripts. Those scripts perform filesystem writes (scaffold a repo, write README, artifacts/), run network operations (npx create-next-app, npm install, npm run build), start local servers, run headless tests, and call external CLIs (‘vercel’, ‘gh’) to link/create/push repos and deploy. While these actions are within the stated purpose, they are potentially destructive/networked and rely on credentials/CLIs not declared in the skill metadata. The SKILL.md promises explicit approval is required for deploys, but there is no enforcement mechanism in the metadata — that's a risk if an agent runs these autonomously.
Install Mechanism
No install spec — the skill is bundled and instruction/code-only. Nothing in the manifest downloads or extracts remote archives; all code is included in the bundle, which lowers install-time supply-chain risk. Scripts do call external package registries (npx/npm) at runtime, which is expected for scaffolding.
!
Credentials
Declared requirements: none. Actual usage: scripts reference VERCEL_TOKEN (optional in deploy-site.sh), call 'gh' (GitHub CLI) and 'vercel' CLIs, and push via git@github.com (SSH). Those imply needing Vercel tokens, GitHub credentials (gh or SSH keys), and network access. The skill should have declared these env/credential needs (VERCEL_TOKEN, GH_TOKEN/SSH) but did not. That mismatch increases the chance an agent could attempt to use credentials that the user hasn’t anticipated.
Persistence & Privilege
The skill does not force permanent inclusion (always: false) and does not request to modify other skills. It writes artifacts under factory/artifacts and scaffolds site repos on disk — normal for this purpose. However, because model invocation is enabled by default (not disabled) and the skill can execute actions that push to remote services, the combination of autonomous invocation and undeclared credential usage is something to be cautious about (SKILL.md claims explicit approval is required but that is an instruction, not an enforced guard).
What to consider before installing
This bundle is plausibly a legitimate 'website factory' and contains the scaffolds and scripts you'd expect (scaffold, verify, deploy). Before installing or enabling it for autonomous use, do the following: - Inspect index.js (entry) to confirm how it invokes scripts and whether it prompts for explicit approval before any network or deploy steps. - Expect the publish/deploy scripts to call external CLIs: 'vercel' (optionally reads VERCEL_TOKEN), 'gh' (GitHub CLI) and git (SSH). Do NOT provide long-lived credentials globally without review. Prefer ephemeral tokens or limit-scope tokens. - If you plan to let an agent run this skill, either disable autonomous invocation for this skill or require manual approval for any deploy/publish action. The SKILL.md's prose saying 'requires explicit approval' is not enforced by the manifest. - Run the skill inside a sandboxed environment (container or disposable VM) the first few times: the scripts will create directories, run npx/npm (network), start servers on local ports, and write artifacts to factory/artifacts. - If you will use GitHub/Vercel integration, verify that the skill only uses tokens you intend and that it won’t leak them (scan index.js and scripts for any code that sends tokens to external endpoints beyond vercel/gh). Look for any unexpected network endpoints in index.js or backend code (e.g., POSTs to unknown hosts). - If you are not comfortable granting repo or deploy rights, keep credentials out of the agent environment and perform publish/deploy steps manually. If you want, I can open and analyze index.js and any other specific files (e.g., backend/main.py) to confirm exactly how credentials are read, how deploy decisions are gated, and whether there are hidden outbound network calls.
index.js:29
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978syfmyvjb6sfj49y1j26jq985cdn2
78downloads
0stars
1versions
Updated 5d ago
v1.0.0
MIT-0
Krzysztof@genortg
latest
Download

amys-website-factory skill

Provides a self-contained OpenClaw skill that exposes the website factory bundled in this skill's factory/ folder as a reusable skill.

Capabilities

  • create new site from template
  • list existing sites
  • run headless checks (dev server + Playwright smoke)
  • publish/deploy helper wrappers (Vercel scripts wrapper)

Usage

  • Use this skill when you want programmatic access to the factory: spawning builds, running tests, or creating site repos.

Implementation notes

  • The skill is a lightweight wrapper around the existing scripts and templates in the workspace. It intentionally delegates heavy work to those scripts (scripts/*.sh) so the skill remains declarative and safe.

Paths

  • Factory root (bundled): factory/

Documentation bundled in skill:

  • docs/DESIGN_GUIDE.md — theming + Tailwind integration (CSS-vars + tailwind config snippet)
  • docs/PACKS_RESEARCH.md — recommended component packs and tradeoffs (shadcn, Radix, Tailwind UI, Flowbite, etc.)
  • docs/WORKFLOW.md — agent workflow (brief → scaffold → verify → deploy)
  • docs/COPYWRITING.md — copy templates and SEO metadata

Action examples

  • List sites: run node index.js list (shows bundled example sites)
  • Create new site: node index.js create <name> (scaffolds Next.js + Tailwind, injects theme vars)
  • Run checks: node index.js check <name> (headless verify wrapper)
  • Deploy: node index.js deploy <name> --prod (requires explicit credentials/approval)

Security

  • Non-destructive by default. Any deploy/publish actions require explicit approval or user-provided credentials (Vercel token, git remote).

Contact

  • AMY (assistant) — use sessions_spawn or run scripts in a spawned subagent for long jobs.

Comments

Loading comments...