Design System Builder
v1.0.0Comprehensive guide for building enterprise-grade component libraries and design systems from scratch. Use this skill when a frontend engineer needs to: (1)...
⭐ 0· 54·0 current·0 all-time
byHjs102468@goldath
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (design system + component library) matches the contents: monorepo setup, tokens, Storybook, theming, testing, and publishing. All referenced tools (pnpm, turborepo, Style Dictionary, Storybook, Changesets, Chromatic) are reasonable for this purpose.
Instruction Scope
SKILL.md and reference docs contain many concrete commands and CI examples (installing packages, pnpm commands, GitHub Action YAML, Chromatic publish, pnpm changeset publish). These instructions stay within the stated scope, but the release/CI sections show explicit use of repo secrets and external services (GITHUB_TOKEN, NPM_TOKEN, CHROMATIC_PROJECT_TOKEN). This is expected for publishing pipelines but is the main operational surface to review before running in your environment.
Install Mechanism
This is instruction-only (no install spec, no code files executed by the platform). The guidance tells you to install public packages (pnpm, style-dictionary, Storybook, Chromatic, etc.) via standard registries — nothing in the skill embeds or downloads arbitrary binaries from unknown personal servers.
Credentials
The skill itself declares no required environment variables and no credentials. The release pipeline docs sensibly reference CI secrets (GITHUB_TOKEN, NPM_TOKEN, CHROMATIC_PROJECT_TOKEN, NODE_AUTH_TOKEN) which are appropriate for automating versioning/publish flows — they are proportional but should only be provided to CI with least privilege.
Persistence & Privilege
Skill has no special persistence or elevated platform privileges (always:false, no install hooks). It does not request to modify other skills or system-wide config.
Assessment
This appears to be a coherent, instruction-only design-system guide. Before you follow any commands or wire secrets into CI: (1) review and vet the CI workflow files (.github/workflows) and only add NPM/GitHub/Chromatic tokens as repository secrets with minimal scopes; (2) verify package names and versions you install come from your trusted registries (npm/pnpm) and not from unknown URLs; (3) because the skill's source/homepage are not provided, consider auditing the included snippets and any build scripts you add to your repo; (4) run initial builds and tests in a sandbox or fork before applying to production repos; and (5) if you plan to adopt the publish steps, ensure organizational policies for package publishing and token management are followed.Like a lobster shell, security has layers — review code before you run it.
latestvk97enk6kxe9e0merkkcr3wmb9584ejp6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.