ClawHub

WordPress to Static Site

v1.2.0

Convert a WordPress website to a static site and deploy to Cloudflare Pages. Mirrors the rendered HTML via SSH, extracts only referenced assets (shrinks 1.5GB+ to ~25MB), fixes URLs, self-hosts fonts, strips WordPress cruft, and deploys. Use when migrating a WordPress site to static hosting.

4· 927·3 current·4 all-time
by@abhibavishi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Requested binaries (ssh, ssh-agent, rsync, curl, git, gh, wrangler) and env vars (WP_SSH_*, WP_SITE_URL, WP_SITE_NAME) align with an SSH-based site mirror, selective rsync, GitHub repo creation, and Cloudflare Pages deployment. Minor note: the instructions use wget on the remote server (not required locally), which explains why wget is not in the local required-bins list.
Instruction Scope
The SKILL.md stays on-task (SSH to server, mirror rendered HTML, rsync back, strip server-side files, create repo, deploy). It explicitly forbids bypassing host-key verification and warns not to commit credentials. However, the workflow still transfers many site assets and runs rsync on plugin/theme dirs; the user must verify the exclude rules removed all server-side or sensitive files before creating a repo or deploying. The skill's instructions put manual checks on the user (verify no PHP/config files), which is appropriate but important to follow.
Install Mechanism
Instruction-only skill with no install spec and no downloads — lowest-risk install model. There is no distributed code fetched by the skill itself.
Credentials
Required environment variables are limited to SSH connection info and site identifiers needed for mirroring and naming. Optional CF_ACCOUNT_ID and GH visibility are reasonable. No unrelated cloud secrets or broad credentials are requested.
Persistence & Privilege
Skill is not always-enabled, and model invocation is disabled (disable-model-invocation: true), so it cannot autonomously run. It does not request persistent system-wide config changes or other skills' credentials.
Assessment
This skill appears to do what it says, but you should: (1) ensure your SSH key and known_hosts are correct and that you understand the remote commands that will run; (2) double-check the rsync exclude patterns and run the provided 'find' checks to confirm no PHP/config/.env files were copied before committing or pushing; (3) review the Git repo locally before pushing to GitHub to avoid accidentally committing secrets; (4) keep backups of the original site until the static deployment is validated; (5) prefer running these commands interactively yourself (the skill is instruction-only and model invocation is disabled) so you can confirm each step. If you need greater assurance, ask the skill author for a sample dry-run output or a checklist showing the exact files that will be transferred and excluded.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fmgmt4t0e73qyazpp272rxh810e7e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
OSmacOS · Linux
Binsssh, ssh-agent, rsync, curl, git, gh, wrangler
EnvWP_SSH_HOST, WP_SSH_USER, WP_SSH_PORT, WP_SSH_KEY, WP_SITE_URL, WP_SITE_NAME

Comments