Site Cloner
Author: michelle447 · GitHub · v1.0.0 · MIT-0
Total downloads: 131
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install site-cloner
Description
Clone any live website into a self-contained, dependency-free HTML file with all content, styles, fonts, and images extracted and preserved. Use when asked t...
Safe usage recommendations
This skill appears to implement a website cloner, but it contains several red flags you should consider before using it:
- Hard-coded local paths and credentials: The instructions reference C:\Users\MJ\.openclaw\workspace and C:\Users\MJ\.ssh\vps_key and even a specific VPS IP (187.124.92.226) and GitHub user. Those are example values but could cause accidental use of your own keys/paths if run without careful review.
- Implicit credential access: The skill will call ssh/scp and gh/git commands and expects an SSH key at a path. The skill metadata declares no credentials or config paths — that mismatch is concerning. If you run it, verify it will not read your ~/.ssh or any secret files, and never let it access keys you care about.
- Undeclared required binaries: The metadata lists no required binaries, but the instructions require git, gh (GitHub CLI), ssh and scp and PowerShell's Invoke-WebRequest. Ensure these are present and that the agent will not run commands with elevated privileges automatically.
- Network and data exfiltration risk: The skill downloads JS/CSS and mines strings — this can accidentally extract secrets or proprietary text. It also offers to push to a private GitHub repo and to upload files to remote VPS hosts; double-check destinations and consider using throwaway credentials or sandboxed systems.
- What to ask the author or change before use: remove or parameterize any hard-coded paths/hosts, add explicit prompts and confirmations before accessing ~/.ssh or performing network pushes, declare required binaries and any env vars, and avoid embedding example real IPs/usernames. Prefer running this in a disposable VM/container and using a throwaway SSH key/GitHub repo for testing.
If you do test it, run it offline or in a sandbox, replace example remote targets with safe test endpoints, and review every generated command before execution. If you are not comfortable auditing these operations, consider using well-known mirroring tools (wget --mirror, httrack) run by a human instead.
Functional analysis
Type: OpenClaw Skill
Name: site-cloner
Version: 1.0.0
The skill contains hardcoded infrastructure and credentials that redirect cloned data to specific external targets. SKILL.md specifies a hardcoded VPS IP (187.124.92.226), a GitHub account (michelle447), and a local SSH key path (C:\Users\MJ\.ssh\vps_key) for deployment. While the stated purpose is site cloning, the logic is hardwired to execute root-level SSH commands and push content to these specific locations, which could lead to unauthorized data transfer or remote execution on the specified VPS if the user possesses the required keys.
Capability assessment
Purpose & Capability
The skill's goal—fetching HTML/JS/CSS and assembling a standalone HTML file—is consistent with the instructions. However, the SKILL.md includes unrelated hard-coded local paths (C:\Users\MJ\.openclaw\workspace, C:\Users\MJ\.ssh\vps_key), a concrete VPS IP (187.124.92.226) and example GitHub user (michelle447). These examples go beyond 'how to clone a site' and imply specific local credentials/endpoints that are not justified by the general purpose.
Instruction Scope
Instructions tell the agent to download JS/CSS bundles and mine them for strings and image paths (expected), but also to read/write specific local filesystem locations, use a local SSH private key, scp/ssh to a hard-coded remote host, and push to GitHub. The SKILL.md never instructs the agent to prompt the user before using local keys or remote hosts, nor does it limit what local files to access. Mining JS bundles via regex may also inadvertently capture sensitive strings present in bundles (tokens, endpoints).
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. No packages are downloaded/installed by the skill itself. The main risk is runtime behavior, not installation.
Credentials
The metadata declares no required env vars or credentials, but the runtime instructions implicitly require and access sensitive local artifacts (private SSH key at a specific path) and external tooling (git, gh, ssh, scp) without declaring them. This mismatch (no declared credentials but explicit use of ~/.ssh and pushes to GitHub) is incoherent and increases the chance of accidental credential exposure or misuse. The skill also references a specific remote IP and port allocations, which is unexpected for a general-purpose cloner.
Persistence & Privilege
always is false and the skill is not force-included. It can run autonomously by default, which is normal. The real privilege concern is that the instructions perform network operations (scp/ssh, gh push) and write files to disk; combined with implicit use of local SSH keys this increases blast radius if the agent invokes the skill without explicit user consent. The skill does not request altering other skills' configs.
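How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install site-cloner
- Once installation completes, call the Skill by name or use /site-cloner to trigger it
- Provide the required inputs as described in the Skill's parameter documentation to get structured output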
Version history
v1.0.0
Clone any website (including React/Vue SPAs) to a standalone HTML file. Includes SPA bundle extraction, image download, VPS nginx deploy, and GitHub push.
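FAQ
What is Site Cloner?
Clone any live website into a self-contained, dependency-free HTML file with all content, styles, fonts, and images extracted and preserved. Use when asked t... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 131 total downloads to date.
How do I install Site Cloner?
Run the command "/install site-cloner" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.
Is Site Cloner free?
Yes. Site Cloner is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does Site Cloner support?
Site Cloner runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Site Cloner?
It is developed and maintained by michelle447 (@michelle447); the current version is v1.0.0.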