ClawHub

Yeet it - Instant Web Hosting

v1.0.2

Publish HTML as a live website instantly. POST HTML, get a shareable URL. No account needed. Always asks the user for confirmation before publishing.

0· 296·0 current·0 all-time
bySnappy@snappyio
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (instant web publishing) match the runtime instructions: the SKILL.md shows curl POST/PUT calls to https://yeetit.site endpoints and requires only curl. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to making HTTP calls to yeetit.site and include strong admonitions to always ask for explicit confirmation and to avoid embedding secrets or reading local env/files. This is appropriate, but the enforcement of the confirmation step depends on the agent — the SKILL.md cannot technically prevent an agent from ignoring that requirement.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk or fetched during install. This is the lowest-risk install profile.
Credentials
The skill requests no environment variables or credentials. That is proportional: publishing via an unauthenticated public API does not require user secrets. The SKILL.md explicitly warns not to include secrets in content.
Persistence & Privilege
always is false and the skill does not request persistent or elevated privileges or modify agent/system configurations. Note: model-autonomous invocation is allowed (platform default), so the combination of allowed autonomy + the skill's capability to publish public content means users should be cautious if they allow autonomous actions.
Assessment
This skill appears to do what it says: it makes HTTP requests to yeetit.site to publish HTML and requires only curl. Before using it, verify you trust the target site (https://yeetit.site), and never publish HTML that contains API keys, passwords, personal data, or anything sensitive. Because the SKILL.md's instruction to always ask for confirmation is a guideline rather than an enforced rule, make sure you (or your agent settings) will require an explicit approval step before any publish/update. If you need guarantees about data retention or ownership, review the service's privacy/terms and consider using a trusted hosting method for sensitive or permanent content.

Like a lobster shell, security has layers — review code before you run it.

latestvk973esphb8bgrcytyk0say5pbh82298p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Binscurl

Comments