Flex
PassAudited by ClawScan on May 1, 2026.
Overview
Flex appears to be a straightforward local CSS Flexbox helper, with disclosed local script execution and file storage.
Before installing, expect it to run a local Bash/Python script, create ~/.flex/data.jsonl, and optionally write exported CSS files. Use safe export paths and do not store sensitive information in layout names.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill executes local script code on the user's machine.
The skill is implemented as a local Bash script that invokes inline Python. This is expected for the advertised CLI layout generator, but it means use involves local command execution.
#!/usr/bin/env bash set -euo pipefail ... python3 << 'PYEOF'
Run it with normal user permissions and review commands before invoking them, especially if editing paths or files.
An agent or user could save CSS output to the wrong location or overwrite an existing file.
The export command supports writing generated CSS to a user-specified path. This is purpose-aligned, but file-output tools can overwrite or alter local files if used carelessly.
`--output` — Output file path (optional, default: stdout)
Use explicit, safe output paths and check before exporting over important files.
Users may not realize the skill needs bash and Python available before use.
The skill discloses runtime prerequisites in SKILL.md, while the registry metadata declares no required binaries. This may affect install expectations, but it does not show hidden or unrelated dependencies.
- Python 3.8+ - `bash` shell
Confirm the local environment has bash and Python 3.8+ before relying on the skill.
Saved layout names and properties persist locally after commands finish.
The skill persistently stores layout configurations in a local file. This is disclosed and proportionate for a layout generator, but users should know the data remains on disk.
All layout configurations are stored in JSONL format at `~/.flex/data.jsonl`.
Avoid putting secrets in layout names or properties, and delete ~/.flex/data.jsonl if you no longer want the saved layouts.