ClawHub

Htaccess Toolkit

v1.0.0

Generate, validate, lint, and explain Apache .htaccess files. Use when asked to create htaccess rules, redirect URLs, set security headers, enable caching, c...

0· 89·0 current·0 all-time
by@charlie-morrison

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for charlie-morrison/htaccess-toolkit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Htaccess Toolkit" (charlie-morrison/htaccess-toolkit) from ClawHub.
Skill page: https://clawhub.ai/charlie-morrison/htaccess-toolkit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install htaccess-toolkit

ClawHub CLI

Package manager switcher

npx clawhub@latest install htaccess-toolkit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (htaccess generation, linting, explanation) align with the included SKILL.md and the Python script. The script implements generators, lint rules, explain/presets functionality and does not request unrelated resources (no cloud keys or unrelated binaries).
Instruction Scope
Runtime instructions are limited to invoking the included Python script (generate, lint, explain, presets) and operating on .htaccess paths or writing an output file. They do not instruct the agent to read unrelated system files or transmit data externally.
Install Mechanism
No install spec is present (instruction-only + included script). The code is pure Python stdlib and will run locally; nothing is downloaded or executed from external URLs.
Credentials
The skill declares no environment variables, no credentials, and no config paths. The script does not appear to access secrets or unrelated env vars; its generated .htaccess content includes SetEnvIf which only affects Apache behavior when deployed, not the host environment.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent system-wide privileges or modify other skills' configurations.
Assessment
This skill appears to do what it claims, but take normal precautions before running: (1) Inspect the included scripts yourself (they are pure Python and bundled). (2) Back up any existing .htaccess before writing or using the --output option to avoid accidental lockout. (3) Test generated rules on a staging environment (HSTS, 'Require all denied', CORS permissive rules, and redirects can break site access). (4) The tool writes the file path you supply without sanitizing the name—avoid running it as a privileged user and avoid pointing output at system paths. (5) If you will use it in automation/CI, review the linter rules and strict exit behavior. If you want extra assurance, run it in a sandboxed environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974e2hh36nxj2emdtbfe4gytx84s0nq
89downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@charlie-morrison
latest
Download

htaccess Toolkit

Generate, validate, lint, and explain Apache .htaccess files with security headers, caching, CORS, compression, and more.

Generate

# HTTPS redirect + security headers + compression
python3 scripts/htaccess.py generate --rewrites http-to-https --security strict --compression

# Full production setup
python3 scripts/htaccess.py generate \
  --rewrites http-to-https www-to-non-www \
  --security strict \
  --caching standard \
  --compression \
  --protect directory-listing dotfiles sensitive-files \
  --error-pages 404 500 \
  -o .htaccess

# WordPress hardening
python3 scripts/htaccess.py generate --protect wp-config xmlrpc dotfiles --security strict

# CORS for specific domain
python3 scripts/htaccess.py generate --cors specific --domain example.com

# Custom redirects
python3 scripts/htaccess.py generate --redirects "/old-page -> /new-page" "/blog -> https://blog.example.com"

# Hotlinking protection
python3 scripts/htaccess.py generate --protect hotlinking --domain example.com

Lint

# Basic lint
python3 scripts/htaccess.py lint .htaccess

# Strict mode (exit 1 on errors, CI-friendly)
python3 scripts/htaccess.py lint .htaccess --strict

# Filter by severity
python3 scripts/htaccess.py lint .htaccess --severity error warning

# JSON output
python3 scripts/htaccess.py lint .htaccess -f json

Lint Checks (10 rules)

  • rewrite-no-engine — RewriteRule without RewriteEngine On
  • duplicate-rewrite-engine — Multiple RewriteEngine On
  • redirect-no-slash — Redirect path not starting with /
  • missing-l-flag — RewriteRule without [L] flag
  • mixed-redirect-rewrite — Mixing Redirect and RewriteRule
  • unclosed-ifmodule — Unclosed IfModule blocks
  • unclosed-files — Unclosed Files/FilesMatch blocks
  • wildcard-cors — Wildcard origin with credentials
  • no-hsts — HTTPS without HSTS header
  • options-minus-indexes — Directory listing not disabled

Explain

# Human-readable explanation of each directive
python3 scripts/htaccess.py explain .htaccess

List Presets

python3 scripts/htaccess.py presets
python3 scripts/htaccess.py presets -f json

Available Presets

Rewrites: http-to-https, www-to-non-www, non-www-to-www, trailing-slash-add, trailing-slash-remove, remove-extension

Security: basic, strict

Caching: standard, aggressive

CORS: permissive, specific

Protection: directory-listing, dotfiles, sensitive-files, wp-config, xmlrpc, hotlinking

Error Pages: 404, 403, 500, 503

Comments

Loading comments...