ClawHub

Extract Design System

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused design-token extraction helper with clear limits and no evidence of hidden or destructive behavior.

Before installing, understand that using the skill may run npx tooling and install Chromium. Use it only for public websites, review the generated .extract-design-system and design-system files before applying them, and explicitly approve any changes to existing app code or styling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- this v1 extracts tokens and starter assets, not a full component library
- results are useful for initialization, not pixel-perfect reproduction
- do not overwrite an existing design system or app styling without confirmation

## Workflow
Confidence
75% confidence
Finding
without confirmation

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal