Skill v1.2.0

ClawScan security

Design Engineering · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 30, 2026, 3:57 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requirements and instructions are coherent with its stated purpose (local, iterative frontend design orchestration), but a few instruction snippets (Playwright URL placeholder and an eval-based JS syntax check) deserve careful operational controls before you run it autonomously.
Guidance
This skill appears to do what it says: orchestrate iterative frontend design work locally. Before installing/allowing autonomous runs, consider these points: (1) enforce the project-root boundary — ensure any sub-agent/file paths are constrained so they cannot read outside the intended directory; (2) when the skill uses Playwright, ensure callers bind the URL to localhost/dev servers only (do not allow arbitrary external URLs); (3) the JS syntax check uses an eval-style pattern (new Function(readFileSync(...))) — only run that against trusted project files; (4) because the skill spawns sub-agents and runs build/test commands, run an initial review of the sub-agent task descriptions and any code changes they propose before applying them automatically. If you plan to let the agent run autonomously, restrict its network permissions and filesystem scope (or require human approval for risky steps) to reduce potential misuse.

Review Dimensions

Purpose & Capability: ok
Name and description align with the provided instructions and reference documents: orchestration of design/frontend work, sub-agent dispatch, validation checklists and rendering guidance. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope: note
Overall the SKILL.md stays on-scope (work limited to project root, sub-agents confined to project). However, there are two practical inconsistencies to watch: (1) validation snippets use a Playwright page.goto("URL") placeholder while the top-level 'Scope & Safety' section asserts Playwright will only target localhost — the snippet itself does not enforce localhost and could be pointed at arbitrary URLs if misused; (2) the JS syntax check uses node -e with new Function(require('fs').readFileSync(...)), which intentionally reads and evaluates file text to catch syntax errors — this is coherent for validation but is effectively an eval-like operation and should be constrained to trusted project files. These are operational risks rather than clear contradictions.
Install Mechanism: ok
Instruction-only skill with no install spec and no code files executed during install. Lowest-risk installation footprint.
Credentials: ok
The skill declares no environment variables, credentials, or config paths. The requested operations are filesystem and local-dev-focused, consistent with the stated purpose.
Persistence & Privilege: ok
always is false, and agent invocation is allowed (platform default). The skill does not request permanent presence or system-wide changes and does not instruct modifying other skills' configs.