Wireframe
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent wireframing skill with no credential or network behavior shown, but it runs a local Bash script that writes SVG/HTML-style output files.
This skill appears safe for normal wireframe generation. Before installing or using it, be aware that it runs a local Bash script, writes files to the specified output path, and may embed label text directly into SVG/HTML output, so use trusted text and avoid overwriting important files.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can create or overwrite local files wherever the selected output path points.
The included script writes generated content to a caller-supplied output path and creates parent directories.
write_file() {
local path="$1"
...
mkdir -p "$dir"
cat > "$path"Use explicit output paths in a project folder and avoid pointing the skill at important existing files.
If wireframe labels are copied from untrusted content, generated SVG or HTML files could contain unwanted markup when opened or shared.
User-controlled labels are interpolated directly into SVG text without escaping, so untrusted labels could become active markup in generated SVG/HTML outputs.
echo " <text x=\"${tx}\" y=\"${ty}\" text-anchor=\"middle\" class=\"label\">${label}</text>"Use trusted labels, inspect generated SVG/HTML before opening or publishing, and prefer escaping or sanitizing labels if adapting the script.