Skillv1.0.1

ClawScan security

AIOZ UI Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 24, 2026, 8:09 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only skill (design-system mapping docs) that is internally consistent with its stated purpose and does not request credentials, install software, or perform I/O — main remaining risk is lack of provenance (unknown source).
Guidance: This skill is documentation and mapping rules for AIOZ UI V3 (Figma MCP → React code). It does not request secrets, run installers, or contain executable code, so installation is low risk from a technical perspective. Two practical cautions: (1) provenance — the skill lists no homepage and the source is unknown, so confirm you trust the publisher or compare the mappings with your official AIOZ UI docs before using in production; (2) this is guidance-only — to actually build/run components you or your project will still need the @aioz-ui packages and appropriate build setup (the references include workspace paths and package.json snippets). If you integrate this skill with an agent that has access to your Figma/MCP tokens, be mindful of where those tokens are stored and which agents/services can access them.

Purpose & Capability: okThe name/description (AIOZ UI V3 → code mapping) matches the provided content: SKILL.md and the reference files are detailed mapping tables and code examples for converting Figma MCP output into React code using @aioz-ui packages. There are no unrelated requirements (no cloud credentials, no unrelated binaries).
Instruction Scope: okRuntime instructions are strictly mapping rules, import guidelines, and example JSX/TSX patterns. They do not instruct the agent to read arbitrary system files, access environment variables, or send data to external endpoints. The skill explicitly expects Figma MCP-formatted input but does not direct how to obtain Figma tokens or call Figma APIs.
Install Mechanism: okNo install spec and no code files to execute — instruction-only. Nothing will be written to disk or downloaded by the skill itself.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The setup notes reference local workspace package paths (typical for monorepo dev setups), which is proportionate to a developer-facing design-system mapping document.
Persistence & Privilege: okalways is false and the skill makes no requests to persist configuration or modify other skills. It does not request elevated privileges or system-wide configuration changes.