Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Markdown-UI DSL: Zero-Hallucination UI Generation

v1.0.3

Create low-fidelity, text-based wireframes using the Markdown-UI Domain Specific Language (DSL).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Markdown-UI DSL for low-fidelity wireframes) align with the SKILL.md: the document defines a DSL and explicit rules for generating/parsing .ui.md specs and translating them to/from frontend components. Required binaries/env/config are none, which is appropriate for an instruction-only DSL authoring skill.
Instruction Scope
The instructions explicitly direct the agent to read and (when authorized) modify code files based on a 'component:' YAML path and to look for a '// UI Spec:' comment in code. This is within scope for a spec->code syncer, but users should note the skill will access the local filesystem and modify project files. The SKILL.md includes a safety rule to ask for confirmation before changes unless the user explicitly requests 'autonomously' or 'force sync', which is a notable behavior to be aware of.
Install Mechanism
No install spec or code files are included; this is instruction-only so nothing is downloaded or written by the skill package itself.
Credentials
The skill requires no environment variables or credentials. It does instruct the agent to read and write local project files (paths from frontmatter or code comments), which is proportional to the stated purpose of syncing specs and code.
Persistence & Privilege
The skill is not marked 'always:true' and does not request elevated or cross-skill configuration. The platform default allowing autonomous invocation applies (normal), and the SKILL.md permits bypassing user confirmation only if the user explicitly tells the agent to operate 'autonomously' or 'force sync'.
Assessment
This skill is internally consistent but will read and (if authorized) modify local project files based on paths in .ui.md frontmatter or code comments. Before running it against important repositories: (1) back up your code or use a branch, (2) avoid giving a blanket 'autonomously' instruction unless you trust the exact action, and (3) test on a small sample project so you can inspect the generated code headers and changes. Because it's instruction-only and from an unknown source, prefer to run it in a sandboxed environment until you're comfortable with its behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bmj1nzzfmpfa2q5f2x4m9nd82wm2f
