ClawHub

ChilledSites

v1.0.0

AI-powered website generation and deployment. Generate, edit, and deploy websites to .chilledsites.com in seconds.

0· 998·0 current·0 all-time
by@paulgosnell
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (website generation & deployment) match the declared env vars (CHILLEDSITES_API_KEY, CHILLEDSITES_API_SECRET) and the documented REST endpoints. Nothing requested appears unrelated to a site-hosting API.
Instruction Scope
SKILL.md is an instruction-only runtime spec that stays within the stated purpose (generate, edit, deploy, list tokens). It explicitly includes an automated signup flow and endpoints to upload arbitrary HTML/CSS/JS and deploy to public subdomains — these are coherent for the purpose but materially widen what an agent can publish (e.g., could host sensitive data or exfiltrate content if the agent is given or collects it).
Install Mechanism
No install spec or code files are present; lowest-risk delivery model (instruction-only). There is no third-party download or package installation to review.
Credentials
Only two service-specific credentials are required (API key and secret), which is proportionate for this API. No unrelated system credentials, config paths, or binaries are requested.
Persistence & Privilege
always:false (not force-included). The skill allows autonomous model invocation (platform default). Combined with the ability to create accounts and publish arbitrary site content, autonomous use increases the potential blast radius (publicly accessible subdomains can be created without human approval).
Assessment
This skill appears to do what it says: it uses CHILLEDSITES API keys to generate and publish websites. Before installing, consider: 1) Limit exposure — use a dedicated, low-privilege chilledsites account (or promo key) rather than your organization’s main credentials. 2) Approve deployments — avoid letting the agent autonomously upload files or deploy public subdomains that might contain sensitive data. 3) Monitor and audit created sites and rotate keys if you see unexpected activity. 4) Review the chilledsites.com privacy/terms and confirm the API base is legitimate. If you need higher assurance, require human confirmation before any signup, upload, or deploy actions.

Like a lobster shell, security has layers — review code before you run it.

creativevk9795yb0yvrw9xfdf86z960x5580r5ccdeployvk9795yb0yvrw9xfdf86z960x5580r5cclatestvk9795yb0yvrw9xfdf86z960x5580r5ccwebsitevk9795yb0yvrw9xfdf86z960x5580r5cc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

CS Clawdis
EnvCHILLEDSITES_API_KEY, CHILLEDSITES_API_SECRET
Primary envCHILLEDSITES_API_KEY

Comments