← 返回 Skills 市场
uwvwko-zzz

web-front

作者 uwvwko · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
163
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install uwvwko-web-front
功能描述
网站前端生成技能。根据用户需求生成HTML/CSS/JS前端页面, 自动保存到指定目录并在浏览器中打开预览。 学习主流网站的设计并记录在学习资源目录中。
安全使用建议
This skill is coherent with a web front-end generator, but take these precautions before installing or granting it broad access: 1) Inspect SKILL.md raw bytes (or view hidden/unicode control characters) to ensure there are no hidden instructions or obfuscated content. The scanner flagged unicode-control-chars which can hide text. 2) Confirm what {baseDir} will resolve to in your environment. The skill uses rm -rf "{baseDir}/html/{项目名}" and other file-system operations — ensure baseDir is restricted to a sandbox or test folder so deletions can't affect important data. 3) Limit the skill's write/read permissions to the intended directory (chroot, container, or explicit path mapping) and do a test run in an isolated environment first. 4) Consider disabling or restricting shell command execution that opens the system browser if you run in an environment where those commands have broader side effects. 5) Because the package is instruction-only, review the provided learning/ and html/ files (they are included) for unexpected remote endpoints or obfuscated scripts. If you want higher assurance, run the skill in a disposable VM/container and verify its behavior before use in production.
功能分析
Type: OpenClaw Skill Name: uwvwko-web-front Version: 1.0.0 The skill bundle implements a web front-end generator with extensive file management capabilities, including the use of high-risk system commands like 'rm -rf' for project deletion and 'start/open/xdg-open' for browser previews (SKILL.md). While these features align with the stated purpose, the instructions lack explicit safeguards or sanitization for user-provided project names, creating a significant surface for path traversal or unintended file deletion. Additionally, the 'learning mechanism' involves the agent autonomously reading and updating local markdown files, which could be exploited via prompt injection to manipulate the agent's behavior or access unauthorized directories.
能力评估
Purpose & Capability
Name/description (generate HTML/CSS/JS, save to html/, open preview, learn from examples) align with the included files and declared behavior. No unrelated credentials, binaries, or installs are requested. The provided learning materials and HTML templates are consistent with a front-end generator.
Instruction Scope
Runtime instructions read/write files under {baseDir}/html and learning/, list/modify/delete projects, and run platform shell commands to open files in the browser (start/open/xdg-open). Those actions are expected for this purpose, but the SKILL.md includes an rm -rf "{baseDir}/html/{项目名}" delete command and instructions to read and update local files — which are powerful operations. If {baseDir} is misresolved or attacker-controlled, deletion or overwriting outside the intended tree is possible. Also, a prompt-injection pattern (unicode-control-chars) was detected inside SKILL.md, which could be used to hide instructions or manipulate parsers.
Install Mechanism
Instruction-only skill with no install spec or external downloads. Lowest install risk: nothing is written to disk at install time beyond the skill's own generated files when invoked.
Credentials
No environment variables, credentials, or config paths are requested. The skill's declared needs are minimal and proportional to its stated function.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed by default (platform-normal). The skill does request file-system operations (read/write/delete/mv) within the baseDir and to open system browser via shell commands. Combined with the rm -rf guidance and the prompt-injection signal, this elevates the need for sandboxing and restricted permissions, though the skill does not request persistent elevated privileges itself.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install uwvwko-web-front
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /uwvwko-web-front 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- 初始版本发布,包含网页前端自动生成与管理功能 - 支持根据用户描述生成 HTML/CSS/JS 静态网页,并自动保存到指定目录 - 提供一键浏览器预览、项目创建、修改、重命名、删除等常用操作 - 内置主流设计学习机制,自动记录和应用前端设计最佳实践 - 附带质量检查清单和常用页面类型说明,便于规范化开发 - 管理命令速查表,方便网站项目维护
元数据
Slug uwvwko-web-front
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

web-front 是什么?

网站前端生成技能。根据用户需求生成HTML/CSS/JS前端页面, 自动保存到指定目录并在浏览器中打开预览。 学习主流网站的设计并记录在学习资源目录中。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 163 次。

如何安装 web-front?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install uwvwko-web-front」即可一键安装,无需额外配置。

web-front 是免费的吗?

是的,web-front 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

web-front 支持哪些平台?

web-front 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 web-front?

由 uwvwko(@uwvwko-zzz)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论