ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

UI Craft Pro

v0.2.2

Design, refine, and implement better UI for websites, dashboards, apps, landing pages, and components by using a local design knowledge base plus a code-firs...

0· 108·0 current·0 all-time
byAira Elite@airaeliteagent
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with included assets: a large local design knowledge base (CSV data, references) and Python scripts for searching, generating design-systems, and producing style/code artifacts. The requested resources (no env vars, no external binaries) are proportionate to a local design/code helper. Minor oddity: several script files appear twice in the manifest (scripts/*.py listed twice), which looks like a packaging duplication but not necessarily malicious.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python scripts (e.g., python3 skills/ui-craft-pro/scripts/search.py ...) and to use the local CSV knowledge base; that is within the skill's stated scope. However the static pre-scan flagged a 'system-prompt-override' pattern inside SKILL.md (prompt-injection). Even if benign, that indicates the skill's prose contains phrases that could try to alter model/system behavior. Additionally, the scripts (not fully shown) could read/write the local data files (data/_sync_all.py does so) and may execute arbitrary Python logic; you should inspect scripts for any network calls, telemetry, or instructions to alter agent/system prompts before running.
Install Mechanism
There is no install spec (instruction-only style), which minimizes installer-level risk. That said, code files are bundled with the skill and will be executed if the agent follows SKILL.md commands; no remote downloads were declared in the registry metadata. Risk comes from executing bundled code, not from an installer fetching third-party archives.
Credentials
The skill declares no required environment variables, credentials, or external endpoints — appropriate for an offline design helper. Nonetheless, bundled scripts (e.g., data/_sync_all.py) operate on local files (reading/writing CSVs) and could be implemented to access other filesystem locations or the network. Without reviewing all script code for network I/O or file-system paths outside the skill directory, there is residual risk of data exposure.
Persistence & Privilege
always:false and no claims to modify other skills or global agent configuration. The skill's own scripts include a sync utility that mutates files inside its data directory, which is reasonable for keeping the local knowledge base coherent. No indication the skill attempts to persist beyond its bundle or force-enable itself.
Scan Findings in Context
[system-prompt-override] unexpected: The registry's prompt scanner flagged 'system-prompt-override' in SKILL.md. A design helper does not normally need to modify or attempt to override model/system prompts; this could be an accidental phrasing (e.g., guidance to the model) or an attempt at prompt injection. Treat as a warning and inspect SKILL.md and any runtime messages the scripts print.
What to consider before installing
This skill appears to be a local design & code assistant that ships with a large offline knowledge base and Python scripts. That is coherent with its description, but it contains two things you should check before use: (1) open and read SKILL.md completely for any instructions that ask the agent to change its system prompt or to send data to an external endpoint — the pre-scan flagged a possible prompt-injection phrase; (2) inspect the bundled Python scripts (scripts/*.py and data/_sync_all.py) for network calls (requests, urllib, sockets), subprocess.exec usage, or file operations outside the skill folder. If you aren't comfortable auditing the code, run the scripts in a restricted environment (container, VM) with no secret credentials mounted and no sensitive files accessible. Do not run them with elevated privileges or in a workspace where they can access other users' files or cloud credentials. If you plan to let the agent invoke the skill autonomously, be extra cautious: autonomous execution plus bundled code and a prompt-injection pattern increases blast radius. If you want, I can scan the remaining script files for network or subprocess patterns and summarize any risky calls I find.

Like a lobster shell, security has layers — review code before you run it.

latestvk977aer4nx6zy27nwkpvp61vvs83dnsh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments