Design Style
v1.0.0Use this skill when the user asks to build, create, design, develop, or improve ANY frontend interface, web page, UI component, or visual element. This inclu...
⭐ 0· 327·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the actual contents: many design-system prompt files and a mapping JSON are present and the runtime instructions only read local prompt files to produce design guidance. No unrelated binaries, env vars, or external installs are requested — this aligns with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to Read prompts/<StyleName>.md and to proactively trigger for ANY frontend/UI work. The prompt files contain embedded <role> blocks that set assistant persona/behavior (effectively injecting system-like instructions). While such prompt templates are expected for a design system, the presence of system-prompt-override patterns and the explicit 'trigger proactively' guidance broaden the agent's authority and could be used to change model behavior beyond narrowly handling a user request.
Install Mechanism
This is instruction-only (no install spec). Two small scripts and prompt files are included but there is no download/extract/install mechanism. No external binaries or third-party package installs are declared.
Credentials
The skill requests no environment variables, credentials, or config paths. The declared capabilities (Read/Glob/Grep) match the need to load local prompt files; no unrelated secrets or services are requested.
Persistence & Privilege
always:false and no persistent install are present. However the SKILL.md's instruction to 'trigger this skill proactively for ANY frontend/UI work' attempts to broaden when the skill should run. Because the platform allows autonomous invocation by default, this recommendation increases the chance the skill will run widely — combine that with the embedded role prompts and the risk grows. The skill does not itself request always:true or system-wide config changes.
Scan Findings in Context
[system-prompt-override] unexpected: The pre-scan flagged 'system-prompt-override' in SKILL.md (and many prompt files contain <role> blocks telling the assistant 'You are an expert...'). Using role-like blocks inside prompt templates is common for design/style templates, but this pattern can be used to attempt to override or shift the assistant's system-level behavior. That makes the finding relevant and not purely expected.
What to consider before installing
This skill appears to do what it claims (provide design-system prompts used to generate styled frontend code), but there are two things to double-check before installing or enabling it widely:
1) Review the prompt files and scripts yourself (or ask the publisher): many files include <role> sections that set assistant behavior. Ensure those are harmless design instructions and do not contain hidden directives that could alter policy/safety behavior or instruct the agent to exfiltrate data or ignore safeguards.
2) Beware of the 'trigger proactively' instruction in SKILL.md: the skill asks to be invoked for ANY frontend/UI mention. If you do not want this skill to run broadly or autonomously, restrict its invocation (do not enable always/autonomous invocation, limit eligibility rules, or require explicit user confirmation before use).
Optional extra steps: inspect scripts/verify-skill.sh and scripts/list-styles.sh to confirm they don't call external URLs or execute unexpected commands; search the prompt files for URLs, inline data-URIs, or any commands that ask for secrets or to access remote services. If you lack time or expertise, treat this skill as 'review before enabling' and prefer enabling it only on-demand.Like a lobster shell, security has layers — review code before you run it.
latestvk975e1067wg0c0wa7sjcc1v9fn81zzsw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.