Create a Website in 4 Minutes Designed to Bring Clients from ChatGPT, Gemini & Modern Search
Security Analysis
high confidenceThis is an instruction-only skill that is internally consistent with its stated purpose: it only needs an EVOWEB_API_KEY and its instructions confine activity to calling EvoWeb's API and creating registration links.
The skill's name/description (AI website generation) matches the required environment variable (EVOWEB_API_KEY) and the documented API endpoints (POST /sites, GET /sites/{id}, etc.). No unrelated binaries, config paths, or extra credentials are requested. One minor note: an example editor_url uses a different domain (web.oto.dev) than api.evoweb.ai — this can be legitimate (third-party editor host) but is worth awareness.
SKILL.md instructs the assistant to check for EVOWEB_API_KEY, accept user prompts (<=250 chars), create a prefilled registration URL for users without a key, call EvoWeb APIs, poll for status, and return the live/editor URLs. The instructions do not ask the agent to read other environment variables or local files. Important privacy note: user-provided prompts and any content are sent to an external service (evoweb.ai) and, when using the prefilled registration link, the prompt is embedded in the URL query string (exposed in browser history/server logs).
There is no install spec and no code files — this is instruction-only. Nothing will be downloaded or written to disk by the skill itself.
Only EVOWEB_API_KEY is required, which is appropriate for an API-based website-generation service. No unrelated secrets or multiple credentials are requested. The SKILL.md correctly documents the header to include (Access-Token).
The skill does not request always:true and does not modify other skill configurations. It is user-invocable and can be invoked autonomously (platform default) but it does not request elevated or persistent platform privileges.
Guidance
What this means for you: this skill will send whatever website description you provide to evoweb.ai and (if you have an API key configured) will create and poll a site-generation task on that service. Before installing or using it: (1) Confirm you trust evoweb.ai and review its privacy/terms, since your content will be transmitted to their servers. (2) Do not include passwords, API keys, or other sensitive secrets in the website prompt — prompts may be visible in URLs and logs. (3) Note the editor link examples point to a different domain (web.oto.dev); this may be an editor host—verify if you rely on the editor for sensitive edits. (4) If you don't have an API key, the skill creates a prefilled registration link that embeds your prompt in the URL (visible in browser history). (5) Revoke or rotate your EVOWEB_API_KEY if you stop using the service. Overall the skill is coherent with its stated purpose and requests only appropriate access.
Latest Release
v1.0.10
- Added workflow for users without an API key: allows starting website creation via a personalized registration link using a brief (max 250 characters) business description. - Simplified prompt handling: focus only on the essential business description; no need to specify design, sections, or layout. - Updated polling interval for status checks to every 1 minute (was 15–20 seconds). - Live and editor URLs updated to new domains in responses. - Retry endpoint now also supports sites with "ready" status in addition to "failed" status. - Documentation streamlined with clearer instructions and improved onboarding for new users.
More by @galizki
Published by @galizki on ClawHub
