v0.1.5

Agent Ui

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:22 AM.

Analysis

This is a coherent documentation-only skill for adding an agent UI component, with a few expected setup risks around remote package installation, an API key, and agent-driven UI tools.

Guidance: This looks safe to consider as a documentation-only helper for installing an agent UI component. Before using it in a real app, review the remote shadcn component and SDK, keep the INFERENCE_API_KEY on the server, add app-level access controls to the proxy route, and require user confirmation for any form-filling workflow that could change important data.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
npx shadcn@latest add https://ui.inference.sh/r/agent.json
npm install @inferencesh/sdk

The setup asks the user to fetch a remote shadcn component and install an npm SDK without pinning versions. This is expected for this UI component workflow, but it depends on upstream package and registry provenance.

User impact: Installing the component may bring third-party code into the user's React/Next.js project.
Recommendation: Review the remote component and SDK source/version before installing, and pin versions where practical.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
system_prompt: 'You can fill forms using scan_ui and fill_field tools.'

The documented client-side tools let an agent inspect UI state and fill form fields in the browser. This matches the stated agent UI purpose and is paired with human-in-the-loop features, but it can affect user-facing forms if enabled broadly.

User impact: An integrated agent could populate form fields in the app, which may be helpful but should not be allowed to submit or change important data without review.
Recommendation: Limit client-side tools to intended UI areas and require explicit user confirmation before submitting forms or performing account-changing actions.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
SKILL.md
INFERENCE_API_KEY=inf_...

The skill requires an inference service API key in the app environment, while the registry metadata declares no required env vars or primary credential. The API key use is expected for the documented proxy route, but users should notice the credential requirement.

User impact: The app will rely on a service API key that may authorize inference usage or account billing depending on the provider configuration.
Recommendation: Store the key server-side only, restrict it if the provider supports scoping, and avoid exposing it to browser code.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Info; Confidence: High; Status: Note
SKILL.md
proxyUrl="/api/inference/proxy" ... allowFiles | boolean | Enable file uploads ... allowImages | boolean | Enable image uploads

The component is designed to communicate through an inference proxy and can optionally allow file and image uploads. This is disclosed and purpose-aligned, but it means user content may flow through the configured inference service.

User impact: Chats, files, or images provided to the agent may be sent to the configured backend/provider.
Recommendation: Enable file/image uploads only when needed, disclose provider data handling to users, and apply app-level authentication and upload limits to the proxy route.