Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Design

v0.2.3

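AI design engine: generate 10+ kinds of design artifacts from a single sentence, including PPT, charts, architecture diagrams, posters, video edits, landing pages, prototypes, and PDFs. A free, open-source alternative to Claude Design. Built-in ChartSkill (pie/bar/line charts, pure SVG, natural-language input parsed automatically), VideoEditorSkill (local FFmpeg editing), Slid...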

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yuchangxu1989-openclaw/claw-design.

Install the skill "Claw Design" (yuchangxu1989-openclaw/claw-design) from ClawHub.
Skill page: https://clawhub.ai/yuchangxu1989-openclaw/claw-design
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install claw-design

ClawHub CLI

npx clawhub@latest install claw-design

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The stated capabilities (charts, FFmpeg-based video editing, Whisper ASR, HTML/PPTX exports) are plausible for a design engine. However, the SKILL.md references local binaries (FFmpeg) and model-based tooling (Whisper) while the registry metadata lists no required binaries or environment variables—an omission that is inconsistent with the claimed functionality.
Instruction Scope
The SKILL.md is high-level and includes install commands (clawhub install, npm install) and links to GitHub/npm. It does not instruct the agent to read unrelated system files or environment variables, but it implicitly requires access to local media files and binaries for video/ASR work; the lack of explicit file/path guidance or permission notes is vague and could grant broad discretion when implemented.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the README encourages npm and clawhub installs and links a GitHub repo. Installing from npm/GitHub is common but carries the usual risks: the npm package could contain arbitrary code or install scripts. No direct download-from-URL or extract steps are present in the skill metadata.
Credentials
The skill declares no required environment variables or binaries, yet it explicitly depends on FFmpeg and Whisper (and possibly model files), which would normally require binaries, model storage, or API access. This gap means required credentials/binaries/model downloads are not declared, which is disproportionate to the transparency expected.
Persistence & Privilege
The skill is not marked always:true and does not request persistent privileges in the metadata. It's user-invocable and allows autonomous invocation (default), which is normal.
Scan Findings in Context
[no_scan_findings] expected: No code files were present to scan (instruction-only SKILL.md). This is expected but means static analysis offers little signal; the risk mostly comes from following the install instructions (npm/clawhub) which would pull external code.
What to consider before installing
Before installing or running this skill:

1) Inspect the GitHub repository and the npm package contents (package.json, install scripts, and published files) to ensure there are no unexpected postinstall scripts or binaries.
2) Verify the npm package author/publisher and recent publish history—prefer well-known or vetted sources.
3) Be aware the skill advertises use of FFmpeg and Whisper; install FFmpeg yourself from a trusted source and confirm how Whisper models are obtained (local model files vs. external API).
4) Run any installation first in an isolated environment (container or VM) and review what files the package will access—especially video/media files and local paths.
5) If you need a firmer assessment, provide the linked GitHub repo contents or the published npm package tarball so those can be inspected.

I have medium confidence due to the metadata/instruction mismatch; clearer declared requirements or an explicit, vetted install spec would increase confidence.

Like a lobster shell, security has layers — review code before you run it.

latest vk97ews85py3aeeqangycxvy325858s87
176 downloads
0 stars
7 versions
Updated 1w ago
v0.2.3
MIT-0

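Claw Design — AI Design Engine

Generate 10+ kinds of design artifacts from a single sentence: video edits, PPT, charts, architecture diagrams, posters, PDFs, landing pages, prototypes, and more.

Installation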

clawhub install claw-design

Or via npm:

npm install @self-evolving-harness/claw-design

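Core capabilities

  • Intent routing: natural-language input → automatically identify the deliverable type → select the corresponding Skill
  • Charts: built-in ChartSkill (pie/bar/line charts, pure SVG rendering, parses Chinese and English data) + 35+ extended chart types from chart-craft-plus
  • Video: highlight extraction, multi-video merging, fine cutting, automatic ASR subtitles (FFmpeg + Whisper)
  • Presentations: 36 themes × 31 layouts, dual HTML + PPTX output
  • Architecture diagrams: C4/deployment/boundary/module relationships, HTML/SVG with light and dark themes
  • Posters: HTML/CSS → PNG, configurable branding
  • Quality gate: automatically blocks substandard output
  • Multi-format export: HTML/PPTX/PDF/PNG/SVG/MP4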

Links