Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
gui.new
v1.0.1
Create shareable HTML canvases via the gui.new API. Use when: (1) generating visual output (dashboards, charts, forms, tables, diagrams, landing pages, inter...
by Dylan Feltus (@dylanfeltus)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name and description align with the SKILL.md: it instructs the agent to POST HTML to gui.new and return a URL. No unrelated env vars or binaries are requested. However, the registry shows no homepage or source URL for the skill owner, while the instructions reference the external domain gui.new; the lack of provenance is noteworthy.
Instruction Scope
SKILL.md explicitly instructs the agent to upload arbitrary HTML (and Mermaid) to https://gui.new and to always share the returned URL. That behavior can leak sensitive data if the agent includes secrets or PII in the HTML. The skill also documents an edit_token returned by the API and shows it being used in Authorization headers; the token should be treated as a secret, but the instructions give no guidance on safe storage or limits.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself. This is low-risk from an install/execution perspective.
Credentials
The skill declares no required env vars (correct for a free-tier flow). SKILL.md mentions an optional x-api-key for Pro features but doesn't require it. Be aware that the API returns an edit_token (sensitive); the skill doesn't request storage, but an agent may keep it. That is a credential-like artifact and must be handled carefully.
Persistence & Privilege
The skill sets always:false and declares no special config paths or system changes. It can be invoked autonomously (the platform default), which increases the blast radius only if the agent is allowed to upload data; this is expected behavior and not by itself a problem.
What to consider before installing
This skill does what it says (uploads HTML and returns a shareable URL), but it sends content to a third-party service whose homepage/source isn't listed in the registry. Before installing/use:
(1) never include secrets, credentials, or private PII in HTML you send; canvases are public by default;
(2) treat the returned edit_token as a secret (don't persist it in logs or expose it publicly);
(3) verify the gui.new domain, privacy policy, and terms (and the SDK packages) before using Pro features or providing an API key;
(4) prefer local rendering or a self-hosted alternative if you need to handle sensitive data;
(5) if you need higher assurance, ask the skill author/maintainer for a homepage, contact, and additional provenance information.
