Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paper Design

v1.0.0

Design UI screens in Paper — a professional design tool running locally on macOS. Create artboards, write HTML into designs, take screenshots, and iterate vi...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the implementation: the skill talks to Paper's local MCP server and exposes commands to read the canvas, write HTML, create artboards, and capture screenshots. Required binaries (curl, python3) are appropriate for the HTTP and JSON handling the script performs.
Instruction Scope
SKILL.md stays within the expected scope (telling the agent to call paper.sh with JSON args). However, the included paper.sh reads/writes local session files (/tmp/paper-mcp-session) and a screenshot directory (/tmp/paper-screenshots) and supports environment overrides for the MCP URL and paths. Those env vars are not documented in SKILL.md's public 'requires' list, which is a transparency gap the user should be aware of.
Install Mechanism
Instruction-only skill (no install spec). The included script is executed directly; nothing is downloaded or installed by the skill itself, which minimizes install-time risk.
Credentials
Registry metadata declares no required env vars, but paper.sh honors PAPER_MCP_URL, PAPER_SESSION, and PAPER_SCREENSHOT_DIR environment variables. In particular PAPER_MCP_URL defaults to a localhost address but can be overridden to any endpoint; if set to a remote URL, the skill would send design data and session initialization requests off-host. This is a configuration-based exfiltration risk and should have been declared and documented.
Persistence & Privilege
The skill does not request permanent platform privileges and is not always-enabled. It caches a session id and writes files under /tmp (its own state), which is expected for this kind of bridge. It does not modify other skills or system-wide settings.
What to consider before installing
This skill is coherent with its stated purpose and uses only local HTTP calls by default, but inspect and consider the following before installing:
- Review paper.sh yourself. It will create a session file (default /tmp/paper-mcp-session) and save screenshots (default /tmp/paper-screenshots).
- Be cautious about the PAPER_MCP_URL environment variable. Although it defaults to http://127.0.0.1:29979/mcp, if that variable is set to a remote host the script will forward MCP calls (and potentially design data) off your machine. Only run this skill in environments where you control env vars.
- Confirm Paper is the official desktop app you expect and that the MCP endpoint is running locally. If you have strict data exfiltration requirements, consider running the script in a sandboxed account or reviewing network traffic to ensure MCP calls remain local.
- The skill does not declare the optional env vars it supports; prefer explicit documentation or edit the script to harden PAPER_MCP_URL to localhost if you need to lock it down.

Like a lobster shell, security has layers — review code before you run it.

Tags: design, latest, mcp, paper, ui

Runtime requirements

🎨 Clawdis
OS: macOS
Bins: curl, python3