← Back to Skills Marketplace
ngm9

Samvida

by Naman Muley · GitHub ↗ · v0.3.3
cross-platform ⚠ suspicious
466
Downloads
0
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install samvida
Description
Generate an agentic contract (llms.txt) for any business website. Crawls the site, fills gaps conversationally, and produces a structured agent-optimized llm...
Usage Guidance
Samvida appears to do what it says, but keep these practical cautions in mind before installing or running it: - Data exposure: the crawler extracts raw page text, emails, and other contact details and sends that content to your configured OpenClaw LLM for generation. Do not use it on sites containing sensitive or private information unless you accept that those page contents will be processed by your LLM provider. - Internal/host-reachability risk: the crawler will fetch any URL you (or the agent) provide. If the agent runs in an environment that can reach internal/private hosts, you could accidentally cause the skill to crawl internal services. Only provide URLs you intend to be crawled. - Deploy credentials: Cloudflare/Webflow tokens are requested only at deploy time and appear to be used directly to call provider APIs. Before giving a token, verify its scope and only grant the minimum necessary permissions (e.g., Workers Scripts: Edit for Cloudflare). Double-check the worker JS payload that will be uploaded if you choose to deploy. - Environment assumptions: the skill assumes a Python virtualenv at ~/.virtualenvs/samvida and an OpenClaw workspace path (~/.openclaw/workspace/samvida). If your environment differs, the provided CLI examples will fail; create the venv or adjust paths as needed. - Review outputs before publishing: the generated llms.txt may include extracted personal emails/names and any user-provided conversational answers. Inspect the draft and the final file before deploying it to a public domain. If you want tighter safety: test the skill on a non-sensitive public site first, confirm the /tmp files and worker script contents locally, and restrict deploy tokens to minimal scopes or use temporary sandbox accounts for initial runs.
Capability Analysis
Type: OpenClaw Skill Name: samvida Version: 0.3.3 The skill's core functionality (crawling, generating, and deploying llms.txt) appears legitimate. However, the SKILL.md instructions repeatedly direct the OpenClaw agent to execute shell commands with user-provided inputs (e.g., `{url}`, `{token}`, `{domain}`) without explicit sanitization. This introduces a significant shell injection vulnerability (Remote Code Execution risk) in SKILL.md during both the crawl and deploy phases, as a malicious user could potentially inject arbitrary commands into the shell execution.
Capability Assessment
Purpose & Capability
Name/description (generate llms.txt for a site) matches the included crawler and deploy scripts and the conversational gap-fill flow. The optional Cloudflare/Webflow/Framer deploy paths and credentials are appropriate for the stated 'deploy' feature.
Instruction Scope
Runtime instructions tell the agent to run the included crawl.py and deploy.py, write/read temporary files in /tmp, and send crawled page text to the configured OpenClaw LLM for generation. This is expected for the task, but it means the skill will extract emails/names/raw page text and surface them to the LLM — a privacy consideration.
Install Mechanism
Instruction-only install (no external download) and bundled Python scripts only require standard Python packages (httpx, beautifulsoup4). The package.json insists on a specific virtualenv path (~/.virtualenvs/samvida) and workspace paths (~/.openclaw/workspace/...), which is brittle but not malicious.
Credentials
No environment vars are forced at install time. Deployment paths optionally request Cloudflare/Webflow/GitHub tokens — these are proportional to the deploy feature and declared in metadata as prompted at runtime and not persisted. There are no unrelated credentials requested.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills. Deploy operations require explicit user action ('deploy') and external credentials. There is no indication the skill auto-persists credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install samvida
  3. After installation, invoke the skill by name or use /samvida
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.3
fix: remove ANTHROPIC_API_KEY from registry metadata — skill uses OpenClaw configured LLM; clarify deploy credentials are optional and never persisted; add data handling disclosure
v0.3.2
fix: populate registry-level _meta.json with env vars, credentials, and data handling declaration — resolves scanner mismatch between registry and package.json
v0.3.1
fix: declare all runtime requirements, env vars, and credentials in package.json — resolves ClawHub security governance flags
v0.3.0
Add compliance and reviews sections: auto-detect certifications (SOC2, ISO27001, GDPR, HIPAA) and third-party ratings (G2, ProductHunt, Trustpilot, Gartner) for agent trust signals
v0.2.2
Webflow deploy (Assets API + Redirects API + Publish), Framer instructions with 3 options (static file / redirect rule / Cloudflare Worker), AEO-optimized llms.txt (prose block, FAQs section, described links everywhere), updated spec and README
v0.2.1
CMS detection: identifies Framer, Webflow, Squarespace, Shopify, Ghost, WordPress. When Worker loses to CMS origin, gives platform-specific update instructions instead of silent failure.
v0.2.0
Phase 2: deploy generated llms.txt live via Cloudflare Workers. Warns before overwriting existing llms.txt, handles route conflicts, retries verification.
v0.1.0
Initial release. Crawl any business website and generate an agent-optimized llms.txt (agentic contract) with Team, Clients & Testimonials, For Agents sections. Two-pass crawl: fast heuristic draft + deep LLM-extraction mode.
Metadata
Slug samvida
Version 0.3.3
License
All-time Installs 0
Active Installs 0
Total Versions 8
Frequently Asked Questions

What is Samvida?

Generate an agentic contract (llms.txt) for any business website. Crawls the site, fills gaps conversationally, and produces a structured agent-optimized llm... It is an AI Agent Skill for Claude Code / OpenClaw, with 466 downloads so far.

How do I install Samvida?

Run "/install samvida" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Samvida free?

Yes, Samvida is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Samvida support?

Samvida is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Samvida?

It is built and maintained by Naman Muley (@ngm9); the current version is v0.3.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments