UI Inspiration Library
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is coherent and purpose-aligned, but it will use a Notion token to save, search, and return user-provided UI screenshots, so users should scope that access carefully.
Before installing, use a dedicated least-privilege Notion integration, confirm the exact target database or parent page, avoid archiving sensitive screenshots in shared channels, and periodically review what the library stores and who can access it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can create records and attach images in the configured library, so mistakes could clutter or alter that Notion database.
The skill is intended to perform Notion write and file-upload operations, which are appropriate for an archive workflow but can change user workspace data.
Create the target library record. Upload or attach the original image to that record.
Confirm the target database before archiving, keep the no-overwrite defaults, and review batch uploads before saving many screenshots.
The token may grant access to Notion content beyond a single database if it is over-scoped.
The skill explicitly requires a Notion API credential to access the backing library.
"requires": { "env": ["NOTION_API_KEY"] }, "primaryEnv": "NOTION_API_KEY"Use a dedicated Notion integration token shared only with the intended inspiration-library database or parent page.
Screenshots, tags, summaries, and source details may remain searchable in Notion after the immediate chat is over.
The skill stores screenshots and retrieval metadata persistently so future requests can reuse them.
Use a single Notion database as the long-term UI inspiration library.
Avoid archiving confidential product, customer, or internal screenshots unless the Notion database retention and sharing settings are appropriate.
In shared channels, archived or retrieved images could be visible to everyone in that channel.
The skill moves images between chat channels and the Notion library, then responds in the originating channel.
Extract or download image attachments using the channel-specific path... Reply in the same channel with a concise archive result.
Use private channels for sensitive images and ensure the channel audience is allowed to see returned references.
Users have less external context for who maintains the skill or where to verify updates.
The registry information provides limited provenance for the skill, although there are no code files or install scripts in the provided artifacts.
Source: unknown; Homepage: none
Review the skill instructions and owner identity before installing, especially in workspaces with sensitive Notion data.