ClawHub

Web Deploy

v1.0.0

Build, preview, and deploy websites, web apps, and APIs using Vercel, Railway, GitHub Pages, or local Canvas environments.

1· 3.3k·11 current·11 all-time
by@cmanfre7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md provides a coherent set of deployment and local-preview commands for static sites, Next.js, Vite, FastAPI and deployment targets (Vercel, Railway, GitHub Pages, and a local 'clawd/canvas' folder). There are no unrelated requirements (no unexpected env vars, binaries, or config paths).
Instruction Scope
Instructions stay within the scope of building, previewing, and deploying web apps. They instruct using standard CLIs (vercel, railway, gh-pages) and local copy commands. The doc does not instruct reading unrelated files, exfiltrating data, or calling unexpected external endpoints.
Install Mechanism
No install spec or bundled code — this is instruction-only. Nothing will be written automatically to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for an instruction-only guide. However the commands it recommends (e.g., `railway login`, `npx vercel`, `npx vercel env add`) will prompt you to authenticate to third-party services and/or create environment variables on those platforms at runtime; the guide does not attempt to collect those secrets itself.
Persistence & Privilege
always is false and there are no instructions to modify other skills or global agent settings. The recommended CLIs may store authentication tokens locally when you run them, but the skill itself does not request persistent privileges.
Assessment
This skill is an instruction-only deployment guide and appears coherent with its purpose. Before using it, keep these points in mind: - The file only suggests commands — it does not itself install anything or request credentials. You will need to run CLI tools (vercel, railway, gh-pages, npx, etc.) and those tools will require you to authenticate; that authentication is handled by those CLIs and may store tokens locally. - npx runs packages from the npm registry if a local binary isn't present. Verify command names (e.g., `vercel`, `http-server`, `serve`) are correct and from official packages to avoid typosquatting risks. - Do not commit secrets to git or include .env contents in your build artifacts; the guide already warns about this. - The guide includes copying files to ~/clawd/canvas — ensure you understand and trust that local path and its purpose before copying site files there. - If you want stronger assurance, install the official CLIs from vendor documentation (rather than running one-off npx invocations), and verify the source of any package before executing it.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fprqdcp43td9280s3a0bkrn803s17

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments