Back to skill
Skillv0.1.0
ClawScan security
Ant Design Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 10, 2026, 4:33 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a coherent Ant Design (React) UI guidance + starter project: it requests no credentials, has no automatic install steps, and the instructions match the skill name and files.
- Guidance
- This skill appears to be what it says: UI patterns and a starter Ant Design project. Before using: (1) inspect README and package.json/package-lock.json to review dependencies and any npm scripts, (2) verify the Ant Design version (the skill assumes v5+ and will behave differently for v4), (3) run any bootstrap/install commands in a sandbox or dev machine (do not run unknown scripts on production hosts), (4) check licenses of included packages if that matters, and (5) if you allow the agent to invoke skills automatically, note this skill is model-invocable by default but it doesn't request secrets.
Review Dimensions
- Purpose & Capability
- okThe SKILL.md and included files focus on building React UIs with Ant Design (patterns, theming, examples, and a starter Vite project). Required env/binaries are empty and nothing requested appears unrelated to the stated purpose.
- Instruction Scope
- okRuntime instructions describe UI patterns, layout, forms, tables, tokens, and where to find examples; they do not instruct the agent to read arbitrary host files, access secrets, or transmit data to external endpoints beyond normal development references. The guidance is scoped to AntD UI work.
- Install Mechanism
- noteThere is no install specification (instruction-only), so nothing will be written/installed automatically. However, the skill bundle includes a starter project with package.json and package-lock.json — if you or the agent run npm/yarn locally, dependencies will be fetched. Review dependencies and scripts before running installs.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. No sensitive environment access appears necessary for the described functionality.
- Persistence & Privilege
- noteThe skill does not set always:true. disableModelInvocation is not set (default allows model invocation), meaning the model could call it when eligible. Given the skill has no credentials or install steps, this is low risk, but be aware it is model-invocable by default.