ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ui Design Optimizer

v1.1.0

Generate practical UI design systems and starter pages using local style/color/typography datasets. Use for landing page or dashboard UI planning and impleme...

0· 517·2 current·2 all-time
by@dalomeve
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included assets: local CSV/JSON datasets (styles, colors, typography, patterns, rules) and the skill's declared capabilities. No unrelated environment variables, binaries, or cloud credentials are requested, which is proportionate for a design-system generator.
Instruction Scope
SKILL.md instructs the agent to read local data files, pick styles/palettes/typography, generate compact specs and runnable files (index.html + styles.css), and verify files on disk — all consistent with the stated purpose. One inconsistency: SKILL.md and package.json reference scripts/search.ps1, but that script file is not present in the provided file manifest. If the script were present it should be inspected before execution (it would run PowerShell with ExecutionPolicy Bypass). The instructions may cause the agent to write files to disk and reference external Google Fonts URLs from the typography data (expected).
Install Mechanism
No install spec included (instruction-only skill). That represents a low-risk footprint — nothing is downloaded or written by an installer as part of installation.
Credentials
The skill does not request environment variables, credentials, or config paths. The datasets include external Google Fonts URLs which are expected for typography use; no secret/credential access is requested or required.
Persistence & Privilege
always is false and there are no special persistence or elevated privileges requested. The skill will ask the agent to create and verify generated files locally, which is normal for an implementation-focused design generator.
Assessment
This skill looks coherent and low-risk: it uses local CSV/JSON datasets to pick styles and generate starter HTML/CSS files and does not request credentials or perform installs. Before enabling it broadly, do these simple checks: 1) Confirm scripts/search.ps1 is present and review its contents (it is referenced but not included in the manifest); any PowerShell script run with ExecutionPolicy Bypass should be inspected in a safe environment. 2) Run the skill in a sandbox or test workspace so generated files cannot overwrite important data. 3) Review generated HTML/CSS for unintended external network calls or third-party telemetry (the typography data contains Google Fonts links which will load resources from fonts.googleapis.com). 4) If you need the skill to run autonomously, restrict its working directory and filesystem permissions to limit accidental access to other files. If you want additional assurance, provide the missing script (if intended) and I can re-evaluate its contents.

Like a lobster shell, security has layers — review code before you run it.

latestvk978adcpmmp1evbgy272gt0bk582c9ar

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments