ClawHub
Back to skill
v1.1.0

Anthropic Frontend Design

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:22 AM.

Analysis

This appears to be a frontend design guidance skill with bundled reference data; the main thing to notice is that it documents running a bundled Python helper despite being listed as instruction-only and coming from an unknown source.

GuidanceThis skill looks safe for its stated frontend design purpose. Before installing, be aware that it may use a bundled Python search helper even though the registry labels it as instruction-only, and its source/homepage are not identified.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
python scripts/search.py "<product_type> <industry> <keywords>" --design-system

The skill instructs use of a bundled Python script as part of its design-search workflow. This is aligned with the stated purpose, but it is still local code execution that users should be aware of.

User impactThe agent may run a local helper script to search design reference data while helping build UI.
RecommendationKeep script execution user-directed and review the bundled scripts if you want to verify exactly how the helper works.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The package includes bundled scripts and data, but the provided metadata does not identify a source repository or homepage. This is a provenance gap, not evidence of malicious behavior.

User impactIt is harder to independently verify the origin, maintainer, or update history of the bundled helper code.
RecommendationPrefer packages with clear provenance when available, or inspect the bundled files before relying on the helper script.