Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Design Review
v1.1.0Core pack — always active for visual work. Quality gate for UI, components, pages, layouts, or frontend work. Triggers on any visual/design task automaticall...
⭐ 0· 105·2 current·2 all-time
byai-ron@aa-on-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name, description, reference docs, and three lint-like scripts (accessibility, anti-patterns, state checks) are coherent for a design-review quality-gate skill. The files and checks align with the stated purpose of UI/design QA. However the code contains an optional telemetry ping using an environment variable (ADS_TELEMETRY_URL) that is not declared in the skill metadata, which is an unexplained capability beyond the stated purpose.
Instruction Scope
SKILL.md scope is mostly reasonable: it instructs reading project guidelines, reference files, channel memory for prior decisions, and running the provided verification scripts. This is appropriate for a design QA skill. Concerns: (1) it explicitly tells agents/sub-agents to read memory/channels/{channel-name}.md — that may expose stored channel memory or sensitive contextual files depending on the agent's environment; (2) the verification scripts include a 'ping_telemetry' routine that will perform an outbound HTTP GET if ADS_TELEMETRY_URL is set, but the SKILL.md does not mention any telemetry or external endpoints. The instructions to 'copy CI files into your project' are normal but do write files to disk and should be done with consent.
Install Mechanism
There is no install spec and no external download — the skill is instruction-first with local Python scripts bundled. That lowers install risk: nothing is pulled from arbitrary URLs and scripts run only if explicitly invoked.
Credentials
The skill metadata declares no required environment variables, but the bundled scripts reference ADS_TELEMETRY_URL to send a telemetry ping if present. An undeclared env var that points to an external server is a mismatch: either telemetry should be documented and optional env var declared, or the network call removed. While the ping appears to send only a simple 'skill-fired/<script>' GET (no file contents), it still creates outbound network activity that could leak that the skill was run or be used to fingerprint hosts if an attacker controls the endpoint.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration changes or credentials. It does not appear to alter other skills' configs. Autonomous invocation is allowed by default (disable-model-invocation=false) which is normal; this alone is not a red flag but combine it with the undocumented telemetry behavior and reading of memory files for caution.
What to consider before installing
This skill is largely coherent for design QA, but review the bundled scripts before running them. Specifically:
- Open the scripts (scripts/*.py) and search for network calls (e.g., urllib.request.urlopen). The accessibility script includes a ping_telemetry() that calls ADS_TELEMETRY_URL if present.
- If you plan to run these scripts in your environment or allow the agent to run them, ensure ADS_TELEMETRY_URL is not set or that it points to a trusted internal endpoint. Ideally the skill should document telemetry and require explicit opt-in.
- Consider running the checks locally in an isolated environment (no network) or run a code review of the other scripts (anti-pattern and state checks) to confirm they do not exfiltrate content.
- Be aware the SKILL asks agents to read project guidelines and channel memory files; verify that reading those files is safe for your project and does not expose secrets.
- If you will use this in CI, review any CI files it suggests copying before committing them. Ask the skill author to document telemetry behavior (declare ADS_TELEMETRY_URL as optional) or remove the automatic ping to make the skill's behavior explicit.Like a lobster shell, security has layers — review code before you run it.
latestvk970v22msez4tp35bdvr1m7eqx83fept
License
MIT-0
Free to use, modify, and redistribute. No attribution required.