ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ui Ux Pro Max

v0.1.0

UI/UX design intelligence for web and mobile. Includes 50+ styles, 161 color palettes, 57 font pairings, 161 product types, 99 UX guidelines, and 25 chart ty...

0· 130·0 current·0 all-time
by@hayasam
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and SKILL.md content are aligned: the skill offers UI/UX guidance, style systems, heuristics, and use cases. It does not request unrelated capabilities (no cloud credentials, binaries, or config paths), which is proportionate for a design guidance skill.
Instruction Scope
The provided SKILL.md is a design guide and invocation checklist (when to use, priority rules, accessibility checks). It does not instruct the agent to read system files, environment variables, or to post data to external endpoints. It mentions an integration ('shadcn/ui MCP') but provides no instructions requiring credentials or external URLs.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing will be downloaded or written to disk during install.
Credentials
The skill declares no required environment variables, credentials, or config paths. This is appropriate for a design/reference skill whose purpose is guidance and review.
Persistence & Privilege
always is false and there is no indication the skill requests persistent or elevated privileges or modifies other skills' configuration. Autonomous invocation is allowed by default but that is normal and not by itself risky given the skill's limited scope.
Assessment
This skill appears safe and coherent for UI/UX guidance. Before enabling it for autonomous use, review the full SKILL.md yourself (the provided excerpt was long/truncated) to confirm it doesn't later instruct network calls or data exfiltration. If you have strict data policies, run the skill in a sandboxed agent or disable internet access for the agent so design suggestions can't fetch external resources unexpectedly. If the skill later asks for API keys or to read project files, require justification before granting access.

Like a lobster shell, security has layers — review code before you run it.

latestvk972avczs28zk65ax56vrjd7b583cvnd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments