Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TailwindCss Complete Documentation
v0.1.0Complete Tailwind CSS documentation. Use when working with Tailwind CSS utility classes, responsive design, dark mode, animations, custom configurations, plugins, or styling questions. Covers all utility classes, modifiers, configuration options, and best practices.
⭐ 0· 1.8k·4 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (Tailwind CSS documentation) match the packaged contents: many .mdx reference files and a README describing documentation extracted from tailwindlabs/tailwindcss.com. The skill declares no binaries, env vars, or config paths — consistent with a read-only documentation skill. A single small utility source file (references/utils/colors.ts) is present and appropriate for docs rendering.
Instruction Scope
SKILL.md tells the agent to read files under references/ to answer Tailwind questions, which is within scope for a documentation skill. However the static pre-scan flagged a 'base64-block' pattern in SKILL.md (prompt-injection pattern). That is unexpected for a pure doc skill and should be reviewed: look for embedded base64/data-uris or obfuscated text in SKILL.md or truncation/hidden instructions that might try to influence the agent.
Install Mechanism
No install spec is present (instruction-only behaviour). Nothing is downloaded or written during install, minimizing install-time risk. The large file set is bundled with the skill, so no remote fetches are required.
Credentials
The skill requires no environment variables, credentials, or config paths. This is proportionate for a documentation/reference skill.
Persistence & Privilege
Flags are default (always: false, user-invocable: true). The skill does not request persistent privileges or system-wide configuration changes and does not claim to write other skills’ configs.
Scan Findings in Context
[base64-block] unexpected: The pre-scan flagged a base64-block pattern inside SKILL.md. A documentation skill normally doesn't need embedded base64 payloads or encoded instructions. This may be a false positive (e.g., data URIs for images) or benign encoded examples, but it could also indicate injection or obfuscated content intended to influence the agent. Inspect SKILL.md and any long text blocks for embedded encoded payloads or hidden prompts.
What to consider before installing
This skill appears to be a straightforward local copy of Tailwind CSS documentation and does not ask for credentials or install remote code, which is good. However, the SKILL.md triggered a 'base64-block' prompt-injection heuristic — you should manually inspect the full SKILL.md (and any large/truncated files) before installing. Look for embedded base64/data-URIs or long encoded strings and any instructions that go beyond 'read from references/'. Verify the source (owner ID is unknown), confirm license/attribution if that matters, and if you're unsure run the skill in an isolated/test agent or review the code files (references/utils/colors.ts) for dynamic eval/exec patterns. If SKILL.md simply contains data URIs or benign examples, the risk is low; if it contains encoded prompts or hidden instructions, do not install.Like a lobster shell, security has layers — review code before you run it.
cssvk976s46wq5k5480bxbtwwfb31980p3qddark-modevk976s46wq5k5480bxbtwwfb31980p3qddesignvk976s46wq5k5480bxbtwwfb31980p3qddocumentationvk976s46wq5k5480bxbtwwfb31980p3qdfrontendvk976s46wq5k5480bxbtwwfb31980p3qdlatestvk976s46wq5k5480bxbtwwfb31980p3qdresponsivevk976s46wq5k5480bxbtwwfb31980p3qdstylingvk976s46wq5k5480bxbtwwfb31980p3qdtailwindvk976s46wq5k5480bxbtwwfb31980p3qdutilityvk976s46wq5k5480bxbtwwfb31980p3qd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.