ClawHub

web-replication

v1.0.2

Frontend visual replication skill. Explores a target website’s publicly visible pages via Playwright MCP or agent-browser, captures screenshots and layout in...

0· 298·1 current·1 all-time
by@zai-org
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the skill is an instruction-only workflow to crawl public pages and produce a frontend mockup. It explicitly depends on Playwright MCP or agent-browser (other skills/tools) and does not request unrelated credentials or system access.
Instruction Scope
SKILL.md includes a mandatory authorization gate, rules to avoid logged-in content, robots.txt compliance, and clear limits to frontend-only replication. It also instructs broad crawling and asset saving (screenshots, images, fonts), which is expected but can collect copyrighted/public content — the policy cautions are present but enforcement depends on the agent and environment. The allowed-tools line references Bash usage; the skill also relies on external browser automation skills (Playwright/agent-browser) that must be present — the SKILL.md does not itself provide or install those helpers.
Install Mechanism
No install spec or code files are provided (instruction-only), so nothing is downloaded or written by the skill itself. This minimizes install-time risk. However runtime tooling (Playwright/agent-browser, or a Bash helper) must exist in the environment to perform crawling.
Credentials
The skill declares no required environment variables, credentials, or config paths — which is proportional to a frontend-only replication tool. It warns against collecting secrets and behind-login data. The lack of requested credentials aligns with the stated scope.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent system presence or modify other skills. It will write output files (blueprint and assets) as part of normal operation, which is expected for a replication workflow.
Scan Findings in Context
[no_regex_matches] expected: The static scanner found nothing because this is an instruction-only skill with no code files. Absence of findings is expected but does not guarantee safety at runtime — the agent executing the instructions will need appropriate tooling and constraints.
Assessment
This skill appears coherent for building frontend mockups, but only run it when you legally own or have explicit permission to replicate the target site (the skill requires you confirm this). Ensure Playwright MCP or agent-browser (or the referenced Bash helper) is installed and sandboxed; run crawls from an environment that won't leak local credentials or access private/internal networks. Be mindful that the skill saves screenshots and public assets (images, fonts), which may be copyrighted — do not reuse copyrighted content without rights. If you need stricter controls, require the agent to log each visited URL before fetching and to obey robots.txt and rate limits; consider running the crawl on a disposable VM or isolated network to limit accidental exposure of local secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk975cqmhg0p6n732q8qx098n4183xrny

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments