v0.1.5

Tools Ui

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:24 AM.

Analysis

This is a coherent UI-component skill, with the main caution that its setup command fetches unpinned remote component code into a project.

Guidance: This skill appears safe for its stated purpose as UI documentation/components. Treat the Quick Start like any remote code-generation install: run it only in a project you control, review the files it adds, and verify the upstream source before committing or deploying.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
npx shadcn@latest add https://ui.inference.sh/r/tools.json

The setup command runs a latest-version CLI and pulls component definitions from a remote URL. This is purpose-aligned for installing UI components, but it depends on external package and registry integrity.

User impact: Running the setup command may add or modify project files based on remote content that can change over time.
Recommendation: Before running it, confirm the ui.inference.sh source is trusted, review generated files, and consider pinning tool versions where practical.