SuperDesign
Pass
Audited by ClawScan on May 1, 2026.
Overview
SuperDesign is an instruction-only frontend design guide; its only notable risk is that it recommends third-party CDN scripts for generated prototypes.
This skill appears safe to install as an instruction-only design aid. If you use its generated HTML snippets, review any third-party CDN scripts or image services before deploying them to production.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the generated UI uses these snippets, the page may fetch and run code from third-party CDN providers in the browser.
The skill recommends loading frontend libraries from third-party CDNs, including an unpinned '@latest' dependency. This is disclosed and purpose-aligned for frontend prototypes, but it creates a supply-chain consideration for generated pages.
<script src="https://cdn.tailwindcss.com"></script> ... <script src="https://unpkg.com/lucide@latest/dist/umd/lucide.min.js"></script>
Use pinned versions, integrity checks, or self-hosted assets for production; treat CDN snippets as acceptable mainly for prototypes or trusted contexts.
