ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sloth D2C Skills

v1.0.1

将Figma设计稿转换为前端组件代码(Design to Code)。通过MCP工具获取设计稿数据,分片处理并生成最终代码。当用户提到Figma转代码、设计稿转代码、D2C、design to code、生成页面时使用。

0· 162·0 current·0 all-time
by@cherokeeli
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (Design-to-Code using an MCP #d2c_figma tool) align with the runtime instructions: call an MCP tool, process chunks, aggregate, and generate code. No unrelated credentials or binaries are requested by the skill itself.
!
Instruction Scope
The SKILL.md asks the main agent to call the #d2c_figma MCP Tool and to write final code into the project — reasonable. However, the included sloth-d2c-agent config declares read_file/search tools and enables background, agentic behavior while also stating 'absolute prohibitions' (do not read other files, do not edit project files). Those prohibitions are only instructions, not enforced restrictions. The agent tools as declared could read arbitrary files accessible to the agent if not programmatically constrained. There's also a mismatch: subagents are said to be used for processing but are forbidden from using MCP/Skills, while the main flow requires MCP.
Install Mechanism
The skill is instruction-only (no install spec) which is low-risk. SKILL.md includes troubleshooting commands that suggest installing an npm package (npm install -g sloth-d2c-mcp) if a CLI is missing — that references an external package of unknown provenance and could be risky if followed without vetting.
Credentials
The skill declares no required environment variables or credentials, which is coherent. But error handling references '未配置有效 Token' (403) without specifying which token or where it should be provided. Lack of explicit auth declarations makes it unclear what credentials the MCP Tool needs.
!
Persistence & Privilege
The bundled sloth-d2c-agent has enabled: true and enabledAutoRun: true and is_background: true. That implies an agent the platform may auto-run in the background with file-reading tools, increasing persistence and potential attack surface even though the skill's top-level flags (always: false) are normal. This persistent/autonomous subagent combined with broad read tools is a notable risk.
What to consider before installing
This skill appears to do what it says (convert Figma design data into code) but has worrisome operational details you should review before installing: 1) The package includes a background subagent (enabledAutoRun) with file-reading tools — confirm how/when that agent runs and restrict its file access (prefer limiting to the .sloth path). 2) The subagent's 'do not read other files' rule is an instruction, not an enforced sandbox; verify runtime enforcement or disable the subagent auto-run. 3) The SKILL.md references an MCP Token/403 errors but doesn't declare where to supply credentials — ask the maintainer which token is needed and why. 4) Troubleshooting suggests installing an npm package (sloth-d2c-mcp) of unknown origin — do not run that install without vetting the package source. If you need to use this skill, prefer running it in an isolated sandbox, inspect/disable the background agent, and verify the MCP tool and any npm package provenance first.

Like a lobster shell, security has layers — review code before you run it.

latestvk972xqe7eg69r6n6drrgnb3ajs832v2k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments