# Add to your Claude Code skills
git clone https://github.com/mggger/WebCraftLast scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@ai-sdk/anthropic: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@ai-sdk/provider-utils: @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@ai-sdk/react: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@ai-sdk/ui-utils: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@cloudflare/vite-plugin: Cloudflare Vite plugin exposes secrets over the built-in dev server",
"severity": "high"
},
{
"type": "npm-audit",
"message": "agents: Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ai: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion Regular Expression Denial of Service vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cookie: cookie accepts cookie name, path, and domain with out of bounds characters",
"severity": "low"
},
{
"type": "npm-audit",
"message": "craftjs: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ejs: ejs template injection vulnerability",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "jsondiffpatch: jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "miniflare: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "undici: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite bypasses server.fs.deny when using ?raw??",
"severity": "high"
},
{
"type": "npm-audit",
"message": "workers-ai-provider: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "wrangler: Wrangler affected by OS Command Injection in `wrangler pages deploy`",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "youch: Vulnerability found",
"severity": "low"
}
],
"status": "FAILED",
"scannedAt": "2026-05-30T16:06:57.825Z",
"npmAuditRan": true,
"pipAuditRan": true
}WebCraft is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by mggger. Web builder AI-Agent. It has 150 GitHub stars.
WebCraft failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/mggger/WebCraft" and add it to your Claude Code skills directory (see the Installation section above).
WebCraft is primarily written in TypeScript. It is open-source under mggger on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh WebCraft against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
An AI-powered web design agent that dynamically generates web pages and provides real-time interactive editing capabilities for each component.
Install dependencies
npm install
Configure Cloudflare R2
Modify wrangler.toml to bind your Cloudflare R2 bucket:
[[r2_buckets]]
binding = "R2_BUCKET"
bucket_name = "your-bucket-name"
Configure Environment Variables
Update the variables in wrangler.toml:
[vars]
ANTHROPIC_API_KEY = "your-anthropic-api-key"
R2_ENDPOINT_URL = "https://your-r2-custom-domain.com"
IMPORTANT: Ensure your R2_ENDPOINT_URL allows cross-origin access (CORS). This is critical as the generated web pages will need to access images from this endpoint. Without proper CORS configuration, the images won't display correctly.
To run the application locally:
npm start
This will start the development server with hot reloading enabled.
To deploy the application to Cloudflare:
npm run deploy
This command builds the application and deploys it to Cloudflare in one step.
This project utilizes advanced AI agent technology to dynamically generate web pages. Key features include:
Dynamic Web Page Generation: AI-powered creation of responsive web layouts based on user requirements
Real-time Component Editing: Each UI component can be edited interactively in the browser
WebSocket Real-time Status Updates: Provides immediate feedback during the design generation process
Cloudflare-based Architecture: Built on Cloudflare's infrastructure for reliability and performance