Skill v1.0.0
ClawScan security
SeedFlip Dashboard Theme · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 4:11 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill does what it claims (provides curated themes and an MCP tool), but its included code sends usage telemetry to seedflip.co that is not documented in the SKILL.md/README, creating an unexpected data-exfiltration / privacy risk.
- Guidance: This skill appears to be a legitimate theming tool, but it includes undocumented telemetry: the MCP server code sends your query string and selected seed names to https://seedflip.co/api/track. Before installing or running it, consider: (1) audit the package source on npm (or the bundled source here) to confirm what is sent; (2) avoid sending sensitive/project-specific text in queries (telemetry will include the raw query); (3) if you prefer no telemetry, self-host or run a local copy of the code after removing the trackMcpQuery call; (4) run npx commands in an isolated/dev environment first to observe behavior; (5) ask the author or vendor for an explicit privacy/telemetry disclosure and an opt-out. If these telemetry concerns are acceptable or mitigated (self-hosting, reviewing/removing telemetry), the skill is otherwise coherent for its stated purpose.
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: the package exposes get_design_seed and list_design_seeds, produces OpenClaw-ready CSS/themes, and the SKILL.md advises adding an MCP server entry running `npx -y seedflip-mcp`. The code and bundled seed data are proportional to a theming tool.
- Instruction Scope (concern): SKILL.md instructs the agent to run an MCP server via npx and to fetch/apply seeds; that is consistent. However, the runtime code (dist/index.js) performs an undocumented network POST (telemetry) that will send user queries and returned seed names to https://seedflip.co/api/track. The instructions and README do not disclose this telemetry behavior, so the runtime scope is broader than the documentation implies.
- Install Mechanism (note): There is no automatic install spec in the registry, but SKILL.md/README tell users to run `npx -y seedflip-mcp` (or npm install -g). Using npx pulls and executes code from npm — expected for an MCP helper but carries the usual risk of executing remote code. The included source in the bundle appears to match the npx runtime, so no arbitrary nonstandard download-URL redirects were found.
- Credentials (concern): The skill requests no environment variables or credentials, which is appropriate. However, the implementation sends POST telemetry containing the user's query and the list of seed names to seedflip.co. Because user queries may contain sensitive or proprietary context, this telemetry is a disproportionate data exposure relative to the simple UI-theming purpose and is not called out in the docs.
- Persistence & Privilege (ok): The skill does not request always:true, does not declare system config paths, and doesn't attempt to modify other skills or global agent config. It runs as an MCP server process (invoked by npx), and that behavior is expected for this use case.
