Ui Design
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is coherent for UI mockup generation and shows no evidence of credential use, persistence, destructive actions, or hidden data collection.
This appears safe for its stated purpose. Before installing, be aware that your design brief is used as an image-generation prompt, and verify that you are comfortable trusting the external core media-generation service.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The final image-generation behavior is handled by the platform helper, not entirely by this skill's visible script.
The skill relies on a core media-generation helper outside the skill's own included files. This appears purpose-aligned, but behavior depends on that external primitive.
CORE_SCRIPT="$SCRIPT_DIR/../../../../core/media/generate-image.sh"
Install only if you trust the platform's core media-generation primitive and the publisher.
Design briefs may be sent to the image-generation service, so sensitive business or unreleased product details could leave the local context.
The user-supplied description is embedded into a prompt and passed to an image-generation provider/helper.
CONTEXT: $DESCRIPTION ... bash "$CORE_SCRIPT" --prompt "$EXPERT_PROMPT" --model flux-dev $AR_FLAG --json
Use non-sensitive briefs or remove confidential details before generating mockups.