← 返回 Skills 市场
82
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install amys-website-factory
功能描述
Self-contained website factory skill for scaffold, build, test, deploy
使用说明 (SKILL.md)
amys-website-factory skill
Provides a self-contained OpenClaw skill that exposes the website factory bundled in this skill's factory/ folder as a reusable skill.
Capabilities
- create new site from template
- list existing sites
- run headless checks (dev server + Playwright smoke)
- publish/deploy helper wrappers (Vercel scripts wrapper)
Usage
- Use this skill when you want programmatic access to the factory: spawning builds, running tests, or creating site repos.
Implementation notes
- The skill is a lightweight wrapper around the existing scripts and templates in the
workspace. It intentionally delegates heavy work to those scripts (
scripts/*.sh) so the skill remains declarative and safe.
Paths
- Factory root (bundled): factory/
Documentation bundled in skill:
- docs/DESIGN_GUIDE.md — theming + Tailwind integration (CSS-vars + tailwind config snippet)
- docs/PACKS_RESEARCH.md — recommended component packs and tradeoffs (shadcn, Radix, Tailwind UI, Flowbite, etc.)
- docs/WORKFLOW.md — agent workflow (brief → scaffold → verify → deploy)
- docs/COPYWRITING.md — copy templates and SEO metadata
Action examples
- List sites: run
node index.js list(shows bundled example sites) - Create new site:
node index.js create \x3Cname>(scaffolds Next.js + Tailwind, injects theme vars) - Run checks:
node index.js check \x3Cname>(headless verify wrapper) - Deploy:
node index.js deploy \x3Cname> --prod(requires explicit credentials/approval)
Security
- Non-destructive by default. Any deploy/publish actions require explicit approval or user-provided credentials (Vercel token, git remote).
Contact
- AMY (assistant) — use sessions_spawn or run scripts in a spawned subagent for long jobs.
安全使用建议
This bundle is plausibly a legitimate 'website factory' and contains the scaffolds and scripts you'd expect (scaffold, verify, deploy). Before installing or enabling it for autonomous use, do the following:
- Inspect index.js (entry) to confirm how it invokes scripts and whether it prompts for explicit approval before any network or deploy steps.
- Expect the publish/deploy scripts to call external CLIs: 'vercel' (optionally reads VERCEL_TOKEN), 'gh' (GitHub CLI) and git (SSH). Do NOT provide long-lived credentials globally without review. Prefer ephemeral tokens or limit-scope tokens.
- If you plan to let an agent run this skill, either disable autonomous invocation for this skill or require manual approval for any deploy/publish action. The SKILL.md's prose saying 'requires explicit approval' is not enforced by the manifest.
- Run the skill inside a sandboxed environment (container or disposable VM) the first few times: the scripts will create directories, run npx/npm (network), start servers on local ports, and write artifacts to factory/artifacts.
- If you will use GitHub/Vercel integration, verify that the skill only uses tokens you intend and that it won’t leak them (scan index.js and scripts for any code that sends tokens to external endpoints beyond vercel/gh). Look for any unexpected network endpoints in index.js or backend code (e.g., POSTs to unknown hosts).
- If you are not comfortable granting repo or deploy rights, keep credentials out of the agent environment and perform publish/deploy steps manually.
If you want, I can open and analyze index.js and any other specific files (e.g., backend/main.py) to confirm exactly how credentials are read, how deploy decisions are gated, and whether there are hidden outbound network calls.
功能分析
Type: OpenClaw Skill
Name: amys-website-factory
Version: 1.0.0
The skill bundle provides a comprehensive toolkit for scaffolding, testing, and deploying Next.js websites. It uses a Node.js wrapper (index.js) to orchestrate shell scripts (factory/scripts/) and standard developer tools like the GitHub CLI (gh) and Vercel CLI. While the skill possesses high-privilege capabilities such as executing shell commands, cloning repositories, and deploying code, these actions are strictly aligned with its stated purpose as a 'website factory.' The example sites and the Python FastAPI backend (factory/sites/waifu-chatroom/backend/) contain standard implementations for AI-driven features like STT and TTS without any evidence of malicious intent, data exfiltration, or subversion of the agent's instructions.
能力标签
能力评估
Purpose & Capability
Name/description match the included payload: templates, scaffolding, verify and deploy scripts, and example sites are all present. The code and scripts are consistent with a website factory. However the skill's published metadata lists no required env vars or primary credential even though deploy/publish scripts accept VERCEL_TOKEN and call 'gh'/'vercel' CLIs — an omission that deserves attention.
Instruction Scope
SKILL.md tells the agent to run node index.js commands which wrap the bundled shell scripts. Those scripts perform filesystem writes (scaffold a repo, write README, artifacts/), run network operations (npx create-next-app, npm install, npm run build), start local servers, run headless tests, and call external CLIs (‘vercel’, ‘gh’) to link/create/push repos and deploy. While these actions are within the stated purpose, they are potentially destructive/networked and rely on credentials/CLIs not declared in the skill metadata. The SKILL.md promises explicit approval is required for deploys, but there is no enforcement mechanism in the metadata — that's a risk if an agent runs these autonomously.
Install Mechanism
No install spec — the skill is bundled and instruction/code-only. Nothing in the manifest downloads or extracts remote archives; all code is included in the bundle, which lowers install-time supply-chain risk. Scripts do call external package registries (npx/npm) at runtime, which is expected for scaffolding.
Credentials
Declared requirements: none. Actual usage: scripts reference VERCEL_TOKEN (optional in deploy-site.sh), call 'gh' (GitHub CLI) and 'vercel' CLIs, and push via [email protected] (SSH). Those imply needing Vercel tokens, GitHub credentials (gh or SSH keys), and network access. The skill should have declared these env/credential needs (VERCEL_TOKEN, GH_TOKEN/SSH) but did not. That mismatch increases the chance an agent could attempt to use credentials that the user hasn’t anticipated.
Persistence & Privilege
The skill does not force permanent inclusion (always: false) and does not request to modify other skills. It writes artifacts under factory/artifacts and scaffolds site repos on disk — normal for this purpose. However, because model invocation is enabled by default (not disabled) and the skill can execute actions that push to remote services, the combination of autonomous invocation and undeclared credential usage is something to be cautious about (SKILL.md claims explicit approval is required but that is an instruction, not an enforced guard).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install amys-website-factory - 安装完成后,直接呼叫该 Skill 的名称或使用
/amys-website-factory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of amys-website-factory.
- Provides a skill to scaffold, test, and deploy websites using built-in templates and scripts.
- Supports creating new sites, listing existing ones, running headless checks, and deployment via helper scripts.
- Bundles documentation on theming, component packs, workflows, and copywriting.
- Deploy and publish actions require explicit credentials or approval for safety.
- Designed to programmatically automate website creation and management tasks.
元数据
常见问题
Amys Website Factory 是什么?
Self-contained website factory skill for scaffold, build, test, deploy. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。
如何安装 Amys Website Factory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install amys-website-factory」即可一键安装,无需额外配置。
Amys Website Factory 是免费的吗?
是的,Amys Website Factory 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Amys Website Factory 支持哪些平台?
Amys Website Factory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Amys Website Factory?
由 Krzysztof(@genortg)开发并维护,当前版本 v1.0.0。
推荐 Skills