ClawHub

Xiaopi Superdesign

v1.0.0

Expert frontend design guidelines for creating beautiful, modern UIs. Use when building landing pages, dashboards, or any user interface.

0· 73·1 current·1 all-time
byAdin@a-din
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (frontend design guidance) align with the content: layout, theme, animation, and implementation rules. The skill does not request unrelated resources (no env vars, binaries, or installs). Minor metadata inconsistencies exist between registry metadata (slug/owner) and _meta.json (different slug/ownerId), which looks like a copy/paste or packaging oversight but does not change the skill's behavior.
Instruction Scope
SKILL.md stays on-topic (design patterns, CSS snippets, animation syntax, accessibility). It recommends loading third‑party CDN resources (Tailwind via cdn.tailwindcss.com, Flowbite via jsDelivr, Lucide via unpkg) and using Unsplash/placehold.co for images — normal for front-end prototyping but these are external endpoints that will serve third‑party code/assets if a developer follows them. Advice: for production use, prefer vetted packages, lock versions, and review third‑party scripts before including.
Install Mechanism
No install spec and no code files — lowest-risk, no files are written to disk by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. There is no unexplained access to secrets or system config.
Persistence & Privilege
always is false and model invocation defaults are unchanged. The skill does not request persistent/system privileges or modify other skills; its runtime surface is instruction-only.
Assessment
This skill is an on-topic frontend design guide and appears safe to use. Things to consider before installing/using: 1) The included examples point to third‑party CDNs (unpkg/jsDelivr/Tailwind CDN) — these load remote JS/CSS which can execute third‑party code; acceptable for quick prototypes but audit and pin versions before using in production. 2) There are minor metadata mismatches (slug/ownerId) in _meta.json — likely packaging noise but you may want to verify the publisher if provenance matters. 3) Follow best practices for fonts/images (license checks for Google Fonts/Unsplash) and verify browser support for oklch() if targeting older browsers. Otherwise, the skill does not request sensitive access and is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk971bb9j0ezynr5mwqgav01rzh83vkzn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎨 Clawdis

Comments