Skillv1.0.0

ClawScan security

UX/UI Specialist Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 26, 2026, 11:00 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This instruction-only UX/UI skill is internally consistent with its stated purpose and does not request credentials, binaries, or perform any installation.
Guidance: This skill appears coherent and low-risk: it only uses bundled design references and asks for clarifying context before giving recommendations, and it does not request credentials or install software. Before enabling it, consider: (1) review the included references to ensure they meet your organization’s standards and are up-to-date; (2) avoid pasting sensitive user data or personally-identifiable screenshots into prompts you send to any external agent; and (3) if you require legally regulated advice (e.g., accessibility compliance audits for legal requirements), use this skill as an assistant but validate recommendations with a qualified auditor or official WCAG resources.
Findings: [none_detected] expected: The regex scanner had no code files to analyze (instruction-only skill). This is expected for a documentation-driven UX skill; absence of findings is not proof of correctness but is consistent with the package contents.

Purpose & Capability: okThe name and description (professional UX/UI analysis with accessibility emphasis) align with the included reference documents and runtime instructions. Nothing requested (no env vars, no binaries, no installs) is unexpected for a design-consulting skill.
Instruction Scope: okThe SKILL.md instructs the agent to read the bundled reference files and follow a structured three-step workflow (deconstruct, analyze, recommend). It does not ask the agent to read unrelated system files, access external endpoints, or exfiltrate data. The explicit requirement to consult WCAG and platform HIGs is appropriate for an accessibility-focused UX skill.
Install Mechanism: okNo install spec is provided and no code files are present beyond documentation — lowest-risk model for a skill. Nothing will be downloaded or written to disk by an installer.
Credentials: okNo environment variables, credentials, or config paths are requested. The absence of secret requirements is proportional for a UX advisory skill.
Persistence & Privilege: okalways:false and standard autonomous invocation settings are used. The skill does not request persistent system-wide privileges or modify other skills' configurations.