Static Webhost
v1.2.0Deploy static web pages and apps via Caddy or Nginx (auto-detected). Use when: 通过 Caddy 或 Nginx 部署静态网页和应用(自动检测)。使用场景: (1) User asks to create a web page, dem...
⭐ 0· 71·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (deploy static sites via Caddy or Nginx) lines up with the actions described in SKILL.md: detecting installed server, writing into web root, updating server config and reloading services.
Instruction Scope
Instructions are narrowly scoped to deploying static files and configuring/validating Caddy or Nginx. They do not instruct reading unrelated system files or sending data to external endpoints. The doc explicitly requires user confirmation and backups before making changes.
Install Mechanism
Instruction-only skill (no install step, no downloaded code). This minimizes disk persistence or supply-chain risk; occasional package-manager commands are suggested only as optional instructions if the server is missing.
Credentials
The skill legitimately requires elevated privileges (sudo/root) to edit /etc/* and /var/www/html and to reload services — this is proportionate to the stated purpose. Registry metadata did not declare required privileges/config paths, but the SKILL.md explicitly warns about and documents the need for root and backups.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system changes beyond the normal config edits for hosting. It does not attempt to modify other skills or global agent settings.
Assessment
This skill will perform system-level changes (write to /var/www/html, edit /etc/nginx or /etc/caddy/Caddyfile, reload services) and thus requires explicit user consent and sudo/root access. Before using: (1) ensure you have a full backup of existing web server configs and web root (the SKILL.md provides backup commands); (2) test in a non-production environment first; (3) verify the exact files being copied — do not inadvertently publish secrets or private files; (4) prefer a container or a user-level server (python -m http.server or npx serve) if you cannot grant root; (5) when presented with package-manager or systemctl commands, confirm they match your distribution (apt vs pacman) and do not run them blindly. The skill appears internally consistent with its purpose, but exercise standard caution because it requires elevated privileges and will modify server configuration and files.Like a lobster shell, security has layers — review code before you run it.
latestvk973054fnwjwmcpp2nz49xq4e184j6rg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.