← 返回 Skills 市场

sitemd

Name: sitemd
Author: tyler-berggren

作者 Tyler Berggren · GitHub ↗ · v0.1.3 · MIT-0

cross-platform ⚠ suspicious

159

总下载

当前安装

版本数

在 OpenClaw 中安装

/install sitemd

功能描述

Build and manage websites from Markdown. Create pages, generate content, configure settings, and deploy — all through MCP tools.

安全使用建议

This skill mostly looks like what it says (site management from Markdown), but it instructs the agent to download and run a binary via an installer script that is not included or documented. Before installing or running this skill: 1) Ask the publisher for the exact install URL(s), release host (GitHub release, official domain), and checksum/signature for the binary; 2) Prefer providing an API key (SITEMD_TOKEN) with minimal scope over live magic-link flows for automation; 3) Do not run unknown installers on a production machine—test in an isolated environment or container first; 4) If you cannot obtain a verifiable install source and integrity information, treat the installer step as high risk and avoid running it; 5) Request the skill maintainer to include an explicit install spec (trusted URL, checksum) or provide source code you can audit.

功能分析

Type: OpenClaw Skill Name: sitemd Version: 0.1.3 The skill instructions in SKILL.md require the agent to execute a bootstrap script (./sitemd/install) to download and run an external binary (./sitemd/sitemd), which is a high-risk pattern for supply chain attacks and remote code execution. Additionally, the tool includes a 'sitemd_clone' function and handles sensitive authentication via magic links and environment variables (SITEMD_TOKEN), which could be leveraged for phishing or credential theft if the underlying binary is compromised. While these features are plausibly related to website management, the lack of transparency in the installation process is a significant security concern.

能力标签

requires-sensitive-credentials

能力评估

ℹ Purpose & Capability

Name/description align with the actions described in SKILL.md (creating pages, building, deploying). The declared primary credential SITEMD_TOKEN fits the claimed API-key-based automation. Minor mismatch: registry metadata lists no required binaries, yet the instructions expect a local ./sitemd/sitemd binary (or an ./sitemd/install script to fetch it). This could be legitimate (tool shipped per-project) but should be explained.

⚠ Instruction Scope

Instructions ask the agent to read project files (pages/, settings/, etc.) which is expected, and to perform auth via magic links (sitemd_auth_login + poll) which is plausible. However, the SKILL.md explicitly directs running an installer (./sitemd/install) to download a binary if none exists; the instructions give no source, checksum, or validation step. That step would let the skill fetch and execute arbitrary code at runtime and is out-of-band relative to the metadata provided.

⚠ Install Mechanism

There is no install spec in the registry (instruction-only), but the SKILL.md instructs running a bootstrap script to download a compiled binary. Because the skill package contains no code, the agent would need to fetch the installer/binary from the network at runtime; the SKILL.md does not specify trusted hosts, release URLs, or integrity checks. This is the highest-risk element of the skill.

✓ Credentials

The only declared credential is SITEMD_TOKEN (primaryEnv), and the SKILL.md explains using either magic links or creating API keys for automation. No unrelated secrets or filesystem config paths are requested. The credential request appears proportionate to the advertised functionality.

✓ Persistence & Privilege

always is false and the skill does not declare any system-wide persistence or modification of other skills. The skill can be invoked autonomously (default), which is normal; no privilege escalation or 'always' inclusion is requested.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install sitemd
安装完成后，直接呼叫该 Skill 的名称或使用 /sitemd 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.3

sitemd 0.1.3 - No code or documentation changes detected in this release. - Version increment without file modifications.

v0.1.2

No changes detected in this version. - Version 0.1.2 does not introduce any file or documentation updates.

v0.1.1

Version 0.1.1 - No file changes detected in this release. - Functionality and documentation remain unchanged.

v0.1.0

Initial release of sitemd – build and manage Markdown-based websites using MCP tools. - Create, manage, and deploy static websites entirely from Markdown files. - Includes a suite of MCP tools for content creation, validation, deployment, SEO, and more. - Supports email magic link logins and API key authentication. - Flexible project structure with dedicated folders for content, configuration, themes, media, and output. - Enhanced Markdown features: buttons, cards, embeds, galleries, tooltips, modals, forms, and more. - Structured content types for pages, docs, blogs, changelogs, and roadmaps.

元数据

Slug sitemd

版本 0.1.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

sitemd 是什么？

Build and manage websites from Markdown. Create pages, generate content, configure settings, and deploy — all through MCP tools. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 159 次。

如何安装 sitemd？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install sitemd」即可一键安装，无需额外配置。

sitemd 是免费的吗？

是的，sitemd 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

sitemd 支持哪些平台？

sitemd 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 sitemd？

由 Tyler Berggren（@tyler-berggren）开发并维护，当前版本 v0.1.3。