v0.1.1

shadcn

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:44 AM.

Analysis

This skill is a coherent shadcn/ui helper that mainly documents how to use the shadcn CLI and component rules, with expected project-file modification capabilities.

GuidanceThis skill appears safe for normal shadcn/ui development. Before installing or running commands, review diffs for generated components, be cautious with `--force` or overwrite options, and use trusted or pinned CLI/registry sources for production projects.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

Run all CLI commands using the project's package runner: `npx shadcn@latest`, `pnpm dlx shadcn@latest`, or `bunx --bun shadcn@latest`

The skill relies on downloading or invoking the latest shadcn CLI package rather than a pinned version. This is purpose-aligned for shadcn usage, but users should recognize the dependency on the current upstream package.

User impactUsing @latest means the command behavior can change as the upstream CLI changes.

RecommendationUse the official shadcn CLI source and consider pinning a version in sensitive projects.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

cli.md

`npx shadcn@latest add [components...] [options]` ... `--overwrite` ... `--all` ... `--dry-run`

The documented CLI can add or overwrite project component files. The same artifact also documents dry-run, diff, and view modes, which helps keep the behavior user-reviewable.

User impactIf used carelessly, component installation or overwrite commands can change existing project files.

RecommendationPreview changes with `--dry-run`, `--diff`, or version control before adding or overwriting components.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityInfoConfidenceHighStatusNote

mcp.md

"headers": { "Authorization": "Bearer ${MY_TOKEN}" }

The documentation shows optional private registry authentication using an environment variable. This is expected for private registries and there is no evidence of logging or exfiltration.

User impactPrivate registry tokens may be used if the user configures them in components.json.

RecommendationUse least-privilege registry tokens and avoid exposing them in shared project files or logs.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

mcp.md

The CLI includes an MCP server that lets AI assistants search, browse, view, and install components from registries.

The optional MCP server exposes registry search/view/install operations to AI assistants. This is disclosed and aligned with the skill's purpose, but users should understand that enabling it gives an assistant a component-installation interface.

User impactIf the optional MCP server is enabled, an assistant may be able to inspect registries and request component install commands through MCP tooling.

RecommendationEnable MCP only in projects where you trust the assistant workflow, and review install commands or diffs before applying them.