Site Cloner
v1.0.0Clone any live website into a self-contained, dependency-free HTML file with all content, styles, fonts, and images extracted and preserved. Use when asked t...
0· 73·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
high confidenceThe skill's described purpose (cloning websites) mostly matches its instructions, but there are multiple incoherent and risky details (hard-coded local paths, a specific VPS IP, implicit use of private SSH keys and GitHub pushes, and undeclared binaries/credentials) that warrant caution before installing or running it.
评估建议
This skill appears to implement a website cloner, but it contains several red flags you should consider before using it:
- Hard-coded local paths and credentials: The instructions reference C:\Users\MJ\.openclaw\workspace and C:\Users\MJ\.ssh\vps_key and even a specific VPS IP (187.124.92.226) and GitHub user. Those are example values but could cause accidental use of your own keys/paths if run without careful review.
- Implicit credential access: The skill will call ssh/scp and gh/git command...详细分析 ▾
ℹ 用途与能力
The skill's goal—fetching HTML/JS/CSS and assembling a standalone HTML file—is consistent with the instructions. However, the SKILL.md includes unrelated hard-coded local paths (C:\Users\MJ\.openclaw\workspace, C:\Users\MJ\.ssh\vps_key), a concrete VPS IP (187.124.92.226) and example GitHub user (michelle447). These examples go beyond 'how to clone a site' and imply specific local credentials/endpoints that are not justified by the general purpose.
⚠ 指令范围
Instructions tell the agent to download JS/CSS bundles and mine them for strings and image paths (expected), but also to read/write specific local filesystem locations, use a local SSH private key, scp/ssh to a hard-coded remote host, and push to GitHub. The SKILL.md never instructs the agent to prompt the user before using local keys or remote hosts, nor does it limit what local files to access. Mining JS bundles via regex may also inadvertently capture sensitive strings present in bundles (tokens, endpoints).
✓ 安装机制
Instruction-only skill with no install spec or code files — lowest install risk. No packages are downloaded/installed by the skill itself. The main risk is runtime behavior, not installation.
⚠ 凭证需求
The metadata declares no required env vars or credentials, but the runtime instructions implicitly require and access sensitive local artifacts (private SSH key at a specific path) and external tooling (git, gh, ssh, scp) without declaring them. This mismatch (no declared credentials but explicit use of ~/.ssh and pushes to GitHub) is incoherent and increases the chance of accidental credential exposure or misuse. The skill also references a specific remote IP and port allocations, which is unexpected for a general-purpose cloner.
ℹ 持久化与权限
always is false and the skill is not force-included. It can run autonomously by default, which is normal. The real privilege concern is that the instructions perform network operations (scp/ssh, gh push) and write files to disk; combined with implicit use of local SSH keys this increases blast radius if the agent invokes the skill without explicit user consent. The skill does not request altering other skills' configs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/5
Clone any website (including React/Vue SPAs) to a standalone HTML file. Includes SPA bundle extraction, image download, VPS nginx deploy, and GitHub push.
● 可疑
安装命令 点击复制
官方npx clawhub@latest install site-cloner
镜像加速npx clawhub@latest install site-cloner --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制