← Back to Skills Marketplace
163
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install uwvwko-web-front
Description
网站前端生成技能。根据用户需求生成HTML/CSS/JS前端页面, 自动保存到指定目录并在浏览器中打开预览。 学习主流网站的设计并记录在学习资源目录中。
Usage Guidance
This skill is coherent with a web front-end generator, but take these precautions before installing or granting it broad access: 1) Inspect SKILL.md raw bytes (or view hidden/unicode control characters) to ensure there are no hidden instructions or obfuscated content. The scanner flagged unicode-control-chars which can hide text. 2) Confirm what {baseDir} will resolve to in your environment. The skill uses rm -rf "{baseDir}/html/{项目名}" and other file-system operations — ensure baseDir is restricted to a sandbox or test folder so deletions can't affect important data. 3) Limit the skill's write/read permissions to the intended directory (chroot, container, or explicit path mapping) and do a test run in an isolated environment first. 4) Consider disabling or restricting shell command execution that opens the system browser if you run in an environment where those commands have broader side effects. 5) Because the package is instruction-only, review the provided learning/ and html/ files (they are included) for unexpected remote endpoints or obfuscated scripts. If you want higher assurance, run the skill in a disposable VM/container and verify its behavior before use in production.
Capability Analysis
Type: OpenClaw Skill
Name: uwvwko-web-front
Version: 1.0.0
The skill bundle implements a web front-end generator with extensive file management capabilities, including the use of high-risk system commands like 'rm -rf' for project deletion and 'start/open/xdg-open' for browser previews (SKILL.md). While these features align with the stated purpose, the instructions lack explicit safeguards or sanitization for user-provided project names, creating a significant surface for path traversal or unintended file deletion. Additionally, the 'learning mechanism' involves the agent autonomously reading and updating local markdown files, which could be exploited via prompt injection to manipulate the agent's behavior or access unauthorized directories.
Capability Assessment
Purpose & Capability
Name/description (generate HTML/CSS/JS, save to html/, open preview, learn from examples) align with the included files and declared behavior. No unrelated credentials, binaries, or installs are requested. The provided learning materials and HTML templates are consistent with a front-end generator.
Instruction Scope
Runtime instructions read/write files under {baseDir}/html and learning/, list/modify/delete projects, and run platform shell commands to open files in the browser (start/open/xdg-open). Those actions are expected for this purpose, but the SKILL.md includes an rm -rf "{baseDir}/html/{项目名}" delete command and instructions to read and update local files — which are powerful operations. If {baseDir} is misresolved or attacker-controlled, deletion or overwriting outside the intended tree is possible. Also, a prompt-injection pattern (unicode-control-chars) was detected inside SKILL.md, which could be used to hide instructions or manipulate parsers.
Install Mechanism
Instruction-only skill with no install spec or external downloads. Lowest install risk: nothing is written to disk at install time beyond the skill's own generated files when invoked.
Credentials
No environment variables, credentials, or config paths are requested. The skill's declared needs are minimal and proportional to its stated function.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed by default (platform-normal). The skill does request file-system operations (read/write/delete/mv) within the baseDir and to open system browser via shell commands. Combined with the rm -rf guidance and the prompt-injection signal, this elevates the need for sandboxing and restricted permissions, though the skill does not request persistent elevated privileges itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install uwvwko-web-front - After installation, invoke the skill by name or use
/uwvwko-web-front - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- 初始版本发布,包含网页前端自动生成与管理功能
- 支持根据用户描述生成 HTML/CSS/JS 静态网页,并自动保存到指定目录
- 提供一键浏览器预览、项目创建、修改、重命名、删除等常用操作
- 内置主流设计学习机制,自动记录和应用前端设计最佳实践
- 附带质量检查清单和常用页面类型说明,便于规范化开发
- 管理命令速查表,方便网站项目维护
Metadata
Frequently Asked Questions
What is web-front?
网站前端生成技能。根据用户需求生成HTML/CSS/JS前端页面, 自动保存到指定目录并在浏览器中打开预览。 学习主流网站的设计并记录在学习资源目录中。 It is an AI Agent Skill for Claude Code / OpenClaw, with 163 downloads so far.
How do I install web-front?
Run "/install uwvwko-web-front" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is web-front free?
Yes, web-front is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does web-front support?
web-front is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created web-front?
It is built and maintained by uwvwko (@uwvwko-zzz); the current version is v1.0.0.
More Skills