功能描述

Static website hosting for AI agents. Get a dedicated <slug>.clawsite.ai URL with HTTPS, deploy a zip of HTML / CSS / JS / images in one API call, atomic ful...

使用说明 (SKILL.md)

Clawsite.ai — Static Website Hosting for AI Agents

Name: Clawsite
Author: dannylai999

When to Use Clawsite

Your agent generates static HTML / CSS / JS / images and wants to publish them as a public URL
You want a zero-config hosting account with HTTPS, CloudFront CDN, and atomic deploys
You want a memorable random URL like happy-otter-42.clawsite.ai (the slug is auto-generated; you can't pick it)

Quick Start

Your sandbox already has an account provisioned. Check these env vars before doing anything else:

Env var	Required?	Purpose
`CLAWSITE_API_KEY`	required	Bearer token for all authenticated endpoints (e.g. `csk_live_...`)
`CLAWSITE_SITE_ID`	required	Your assigned site identifier (e.g. `site_01KQ...`)
`CLAWSITE_URL`	informational	Your live site URL, the one to share with the user (e.g. `https://happy-otter-42.clawsite.ai`). If unset, derive from `GET /v1/sites`.
`CLAWSITE_API_URL`	optional	API base URL. Defaults to `https://api.clawsite.ai` if unset. Dev sandboxes override to `https://api.dev.clawsite.ai`.

If CLAWSITE_API_KEY or CLAWSITE_SITE_ID is unset, see "Standalone Registration" at the bottom.

Examples below use $CLAWSITE_API_URL literally; if it's unset, fall back to https://api.clawsite.ai.

API base: $CLAWSITE_API_URL/v1

All authenticated endpoints require Authorization: Bearer $CLAWSITE_API_KEY.

1. Deploy a directory of static files

The deploy endpoint takes a .zip of your site contents (max 4 MB compressed; expanded contents must fit the per-site quota — see "Quotas" below).

POST $CLAWSITE_API_URL/v1/sites/$CLAWSITE_SITE_ID/deploy Authorization: Bearer $CLAWSITE_API_KEY Content-Type: application/zip

(body: raw bytes of the .zip)

Workflow:

Create your files in a directory:

site/
  index.html
  style.css
  app.js
  images/logo.png

Zip the contents of the directory (no parent directory inside the zip):
```
cd site/ && zip -r ../site.zip .
```

POST the zip:

curl -X POST "$CLAWSITE_API_URL/v1/sites/$CLAWSITE_SITE_ID/deploy" \
  -H "Authorization: Bearer $CLAWSITE_API_KEY" \
  -H "Content-Type: application/zip" \
  --data-binary "@site.zip"

-> Returns: siteId, url, fileCount, sizeBytes, deployedAt (Unix seconds)

{
  "siteId": "site_...",
  "url": "https://happy-otter-42.clawsite.ai",
  "fileCount": 12,
  "sizeBytes": 458231,
  "deployedAt": 1744732800
}

Atomic full-site replacement: any files from the previous deploy that are NOT in the new zip get deleted. Deploy = full snapshot, not incremental upload.

Cache: every deploy automatically invalidates CloudFront cache. Manual purge below is rarely needed.

Routing: the path inside the zip becomes the URL path. index.html at the zip root is served at /. Subdirectories work: images/logo.png is at /images/logo.png. For pretty URLs without .html, name files like about/index.html and link as /about/.

2. Show the user their site

The site is live at $CLAWSITE_URL immediately after a successful deploy. Tell the user:

"Your site is live at $CLAWSITE_URL"

3. Purge CloudFront cache (rarely needed)

POST $CLAWSITE_API_URL/v1/sites/$CLAWSITE_SITE_ID/purge-cache Authorization: Bearer $CLAWSITE_API_KEY

(no body)

-> Returns: siteId, purgedAt

{ "siteId": "site_...", "purgedAt": 1744732800 }

Use this only if the cache is serving stale content unrelated to a deploy. Normal deploys auto-invalidate.

4. List sites and check quota usage

GET $CLAWSITE_API_URL/v1/sites Authorization: Bearer $CLAWSITE_API_KEY

-> Returns: array of { siteId, slug, url, sizeBytes, fileCount, lastDeployAt }

{
  "sites": [{
    "siteId": "site_...",
    "slug": "happy-otter-42",
    "url": "https://happy-otter-42.clawsite.ai",
    "sizeBytes": 458231,
    "fileCount": 12,
    "lastDeployAt": 1744732800
  }]
}

Use this to verify your CLAWSITE_SITE_ID matches and to inspect current usage vs quotas.

Other Endpoints

Delete a site

DELETE $CLAWSITE_API_URL/v1/sites/{siteId} Authorization: Bearer $CLAWSITE_API_KEY

Permanently deletes the site and every file under it. The slug is tombstoned (kept reserved forever) so the URL can never be re-used by another account — this prevents URL takeover of a previously-shared link.

Standalone Registration (no sandbox env vars)

If you're running outside a ZenClaw sandbox and CLAWSITE_API_KEY isn't pre-set, register via email OTP. Verification is delegated to MBID (MixerBox ID).

Step 1 — request a 6-digit code via email:

POST $CLAWSITE_API_URL/v1/register Content-Type: application/json

{ "email": "[email protected]" }

-> Returns: { "challengeId": "\x3CJWT>" }

Step 2 — verify (after the 6-digit code arrives in your inbox):

POST $CLAWSITE_API_URL/v1/register Content-Type: application/json

{ "challengeId": "\x3CJWT from step 1>", "code": "123456" }

-> Returns: accountId, apiKey, and a default sites[] entry. Save the apiKey immediately — it cannot be recovered.

You can also create additional sites later via:

POST $CLAWSITE_API_URL/v1/sites Authorization: Bearer $apiKey

(no body needed; slug is auto-assigned)

Note: in v1 the per-account site quota is 1, so this returns 409 quota_exceeded if you already have one site.

Quotas (v1)

Item	Limit
Sites per account	1
Storage per site	3 MB (uncompressed total)
Max single file	1 MB
Max files per site	100
Max compressed zip body	4 MB
Deploy frequency	10 / hour per account
Purge frequency	5 / hour per account
Bandwidth	unlimited

Allowed file extensions: html, css, js, json, svg, png, jpg, jpeg, gif, webp, ico, woff2, txt, md.

Anything else (e.g. .php, .exe, .py) → 400 unsupported_extension.

Errors

All errors return JSON:

{ "error": { "code": "\x3Cmachine-code>", "message": "\x3Chuman-readable>" } }

Code	HTTP	Cause
`unauthorized`	401	Missing or invalid API key
`missing_fields`	400	Required fields absent or malformed (e.g. invalid email shape on register)
`not_found`	404	Site doesn't belong to your account, or doesn't exist
`quota_exceeded`	409	Sites limit, storage limit, or rate limit hit
`unsupported_extension`	400	File extension not in the whitelist above
`file_too_large`	400	Single file > 1 MB, or zip body > 4 MB
`invalid_zip`	400	Body not a valid zip, missing body, or contains paths with `..` / absolute paths
`mbid_error`	upstream	Forwarded from MBID's email-verify endpoints (`mx_record_not_found`, `domain_typo`, `too_many_request`, `incorrect_verification_code`) — only relevant during email registration

Idempotency note: /v1/register is idempotent on MBID identity. Re-calling it with the same MBID-verified email (or partner-mode mbidUserId) returns the existing accountId, the same apiKey that was issued on first register, and the existing sites. There is no rotation API; if you need a fresh key, DELETE the site and re-register.

安全使用建议

Install this only if you want an agent to publish static content to a public Clawsite URL. Keep the Clawsite API key secret, review generated content before deployment when needed, require explicit confirmation before permanent deletion, and avoid letting the agent use or follow the bundled AWS/Terraform operational instructions.

功能分析

Type: OpenClaw Skill Name: clawsite-ai Version: 1.0.2 The skill bundle describes a legitimate static website hosting service (clawsite.ai) designed for AI agents. The documentation (SKILL.md) and internal developer notes (CLAUDE.md) outline a standard AWS-based architecture using S3, CloudFront, and DynamoDB, with dependencies like yauzl for zip handling. There is no evidence of malicious intent, data exfiltration, or harmful prompt injection; the instructions are strictly focused on deploying and managing static web content via a REST API.

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

ℹ Purpose & Capability

The core purpose is clear and purpose-aligned: it lets an agent publish static HTML/CSS/JS/images to a public Clawsite URL. Users should notice that deploys are public and replace the whole site snapshot.

⚠ Instruction Scope

Beyond the normal SKILL.md hosting instructions, CLAUDE.md contains operational commands for Terraform, AWS Lambda updates, and partner-secret retrieval. Those instructions are not needed for an end-user static-site hosting skill and create an overbroad instruction surface if exposed to an agent.

ℹ Install Mechanism

There is no install spec and no code files are present, so there is no automatic local install or execution path in the provided artifacts. The included package.json is not tied to an install step in the supplied metadata.

⚠ Credentials

The declared Clawsite API key and site ID are expected for the service, but CLAUDE.md also documents AWS CLI workflows that would implicitly use local AWS credentials and retrieve a partner secret, which exceeds the normal user-facing purpose.

ℹ Persistence & Privilege

The skill can create persistent public website state, atomically replace all files on deploy, purge cache, and documents a permanent delete endpoint. These are disclosed and related to hosting, but users should ensure the agent only performs them when intended.

版本历史

v1.0.2

- Changelog for version 1.0.2: - Updated documentation for the registration endpoint's idempotency: clarified that `/v1/register` with an existing MBID identity always returns the same `apiKey` and `sites`, and there is no API key rotation. - Minor improvements to the description and formatting for clarity. - No API or behavioral changes; this is a documentation update only.

v1.0.1

- Improved `/v1/register` endpoint idempotency: repeated calls with the same email now return the same `apiKey` and `sites`, making re-provisioning reliable. - Clarified SKILL.md documentation for the registration and recovery flows. - No functional API changes aside from the stable key re-provisioning guarantee.

v1.0.0

Initial release of clawsite-ai — static web hosting for AI agents. - Provides instant, HTTPS-enabled subdomains for AI-generated static sites (HTML/CSS/JS/images) via atomic zip uploads. - Features seamless API for full-site deploys, CDN cache auto-invalidation, and easy quota inspection. - Includes public site URLs, pretty routing, and free-tier signup with no credit card. - Site management supports deploy, purge cache, delete site, and standalone registration using email OTP. - Enforces generous, well-documented quotas and strict extension/file size limits for reliability.

元数据

Slug clawsite-ai

版本 1.0.2

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

Clawsite 是什么？

Static website hosting for AI agents. Get a dedicated <slug>.clawsite.ai URL with HTTPS, deploy a zip of HTML / CSS / JS / images in one API call, atomic ful... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 83 次。

如何安装 Clawsite？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawsite-ai」即可一键安装，无需额外配置。

Clawsite 是免费的吗？

是的，Clawsite 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Clawsite 支持哪些平台？

Clawsite 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Clawsite？

由 danny lai（@dannylai999）开发并维护，当前版本 v1.0.2。

Clawsite