Epic Design
v2.1.1Build immersive, cinematic 2.5D interactive websites using scroll storytelling, parallax depth, text animations, and premium scroll effects — no WebGL requir...
⭐ 0· 100·2 current·2 all-time
byAlireza Rezvani@alirezarezvani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (cinematic 2.5D web design) matches the SKILL.md content and the provided reference docs. The included scripts (inspect-assets.py and validate-layers.js) are appropriate for the stated tasks (asset inspection and layer validation). No unrelated environment variables, binaries, or network endpoints are requested.
Instruction Scope
Instructions direct the agent to read project-context.md/product-context.md (if present), to run the included asset inspection script on user-supplied images, to produce an asset audit before outputting HTML, and to follow accessibility/performance rules. These actions operate on local project files and uploaded assets and are consistent with the skill's stated purpose. The SKILL.md explicitly requires pausing for user confirmation on asset issues, which limits destructive autonomous actions.
Install Mechanism
No install spec is present (instruction-only plus two helper scripts in the bundle). This is low-risk compared to remote downloads. The presence of local scripts is expected for asset analysis; however, running them will execute code from the skill package on the agent host — review their contents before execution.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a design/asset-inspection tool that operates on local files.
Persistence & Privilege
always is false and there is no request to modify other skills or global agent configuration. The skill does not declare ongoing/background privileges. It will run scripts and read local project files when invoked, which is consistent with its purpose.
Scan Findings in Context
[prompt-injection:you-are-now] expected: The SKILL.md begins with a persona directive ('You are now a world-class epic design expert'). This is common in skills that want the agent to adopt a role, but pattern scanners flag it because such phrasing can be used for prompt injection. In this context it appears to be an authoring choice to set tone/behavior rather than an attempt to exfiltrate data.
Assessment
This skill appears internally consistent for creating cinematic 2.5D websites: it will read local project files (project-context.md/product-context.md if present) and run the two included helper scripts on your uploaded images to produce an asset audit before producing code. Before installing or running it: 1) Inspect the two scripts (scripts/inspect-assets.py and scripts/validate-layers.js) to ensure they do only local asset checks (no unexpected network requests, no deletion of files). 2) Run the scripts in a sandbox or review their output on sample images first. 3) Note the persona directive flagged by scanners — it's likely harmless (sets an expert role) but is a form of prompt-instruction; if you are using automated/autonomous agent runs, be aware the skill instructs specific behaviors and will act on local files. 4) Because the skill runs code locally, ensure the execution environment (Python/Node) is trusted and that you approve any file reads it performs. If you want stricter safety, require manual invocation and confirm script contents before allowing the agent to execute them.Like a lobster shell, security has layers — review code before you run it.
latestvk97fxpsdq7c0q2gqc87tzgfaws838r74
License
MIT-0
Free to use, modify, and redistribute. No attribution required.