prd-design
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent product-design workflow skill; the main cautions are that it may save user-provided internal materials locally and generated prototypes load third-party CDN scripts.
This skill is reasonable for PRD and prototype generation. Before installing, use it in a dedicated workspace, share only internal materials you are comfortable saving into generated project files, and be aware that the HTML prototype template loads common front-end libraries from public CDNs unless you replace them with local copies.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Opening the generated prototype may contact third-party CDNs and execute those browser libraries.
Generated/opened prototypes rely on external CDN-hosted React, Babel, and Tailwind scripts. This is normal for a lightweight prototype template, but it means the prototype depends on third-party script sources.
<script crossorigin src="https://unpkg.com/react@18/umd/react.production.min.js"></script> ... <script src="https://cdn.tailwindcss.com"></script>
Use the CDN version only if acceptable for your environment, or replace the scripts with locally reviewed copies for sensitive or offline work.
The workflow may require Node.js locally and may fail or need adjustment if Node is unavailable.
The workflow may invoke a local Node.js syntax-check command against generated JavaScript. This is proportionate for validating an HTML prototype, and the artifact does not instruct running arbitrary downloaded code.
用 `node --check` 验证语法,returncode≠0 时**禁止保存输出,必须先修复**。
Run this in a normal project workspace, review generated prototype code if it contains sensitive content, and consider declaring Node as a requirement if this validation is mandatory.
Internal screenshots, schemas, or documents provided to the workflow may persist in generated project folders and outputs.
The skill stores user-provided screenshots and derived project materials in local project files. This is expected for product-design work, but those files may contain internal business or system details.
如果用户上传截图: - 保存截图到 `project/03-modify/screenshots/` - 在文档中引用截图路径
Provide only materials you are allowed to include, remove secrets or customer data from screenshots/DDL before sharing, and clean up the generated project folder when no longer needed.