ClawHub

React Local Business Website

v1.0.0

Build complete, modern multi-page React websites for local businesses (landscapers, restaurants, salons, plumbers, gyms, etc.). Use when a user asks to build...

1· 516·2 current·2 all-time
by@maverick-software
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (create multi‑page React sites for local businesses) matches the provided assets, page templates, components, Tailwind config, and SKILL.md instructions. There are no unrelated required binaries, env variables, or config paths.
Instruction Scope
SKILL.md stays within the site‑generation scope (scaffold with Vite, install React/Tailwind, write files, build). It references external image sources (Unsplash) and Google Fonts which is expected. One notable item: a commented example shows running the dev server with OpenClaw background exec using `npx vite --host 0.0.0.0 --port 5173` — if used as written this exposes the dev server to the network. The instruction is otherwise explicit about what files to write and commands to run and does not tell the agent to read unrelated system files or secrets.
Install Mechanism
This is an instruction-only skill with templates included in the bundle (no external install spec). The runtime workflow uses standard npm tooling (create‑vite, npm install, tailwind init) which will download packages from public registries — expected for a JS project. There are no obscure download URLs or archive extracts in the skill itself.
Credentials
The skill declares no required environment variables, no credentials, and the SKILL.md and code do not access environment vars or other secrets. All external network usage is for normal resources (npm registry, images.unsplash.com, fonts.googleapis.com).
Persistence & Privilege
always:false and no requests to modify other skills or global agent config. The only persistence-ish behavior is the suggestion to run a background dev server (commented example) which would create a long‑running process if executed; this is normal for local development but increases exposure if run with host 0.0.0.0.
Assessment
This skill appears to be what it says: a React site template + step‑by‑step setup. Before running anything: 1) Inspect the provided files locally (they're bundled) to confirm content and placeholder data (phone/address) are acceptable. 2) When you follow SKILL.md you'll run npm create / npm install which downloads packages from npm — only proceed if you trust those registries and your network. 3) Avoid running the dev server bound to 0.0.0.0 on an unprotected host (the SKILL.md shows a background exec example); prefer localhost or behind a firewall to prevent external access. 4) Verify any third‑party image/font usage complies with licensing. 5) If you want absolute isolation, run the build in a sandboxed environment or container. Overall the skill is coherent and not requesting secrets, but treat it like any external code: review and run in a controlled environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk971v8eaaag9q96d012f02760h8261t8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments