ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

design-researh

v1.0.0

Turn fuzzy briefs into a stable pre-design workflow for requirement validation, brief clarification, early-stage research, inspiration direction setting, and...

0· 205·1 current·1 all-time
byyxl@zhusunlangzi668

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhusunlangzi668/design-researh.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "design-researh" (zhusunlangzi668/design-researh) from ClawHub.
Skill page: https://clawhub.ai/zhusunlangzi668/design-researh
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install design-researh

ClawHub CLI

Package manager switcher

npx clawhub@latest install design-researh
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and SKILL.md consistently describe a pre-design research assistant that collects brief analysis and inspiration links from four design sites — the declared purpose matches the runtime instructions and included reference docs. However, .mcp.json defines mcpServers (npx commands) that enable Playwright and a Brave-search MCP server; that capability (and the BRAVE_API_KEY env reference inside it) is not documented in the skill's top-level requirements and is unexpected for an 'instruction-only' skill that declares no required env vars.
Instruction Scope
The SKILL.md stays on-topic: it instructs the agent to validate briefs, ask a small number of clarification questions, run structured research, and (if network access is available) return inspiration links from Behance, 站酷, 花瓣, and 小红书. It also explicitly reads only the included references/* files. The instructions do not ask the agent to read arbitrary system files or unrelated credentials.
!
Install Mechanism
Although the skill has no declared install spec, .mcp.json would cause runtime npx execution of @playwright/mcp@latest and @brave/brave-search-mcp-server@latest. That implies dynamic download and execution of npm packages at runtime (moderate to high risk depending on platform controls). The MCP server pattern may be legitimate for enabling browsable web search, but it is a capability that affects security posture and should have been surfaced in the skill's requirements/metadata.
!
Credentials
Top-level metadata lists no required environment variables, yet .mcp.json references BRAVE_API_KEY (in the brave-search server env). This is an inconsistency: the skill's behavior suggests it can use an external web-search API that requires a key, but the required credential is not declared in requires.env or primaryEnv. Asking for or accepting an API key is proportionate for a web-search-enabled skill, but it should be declared explicitly so users know what secrets they'd need to provide.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. agents/openai.yaml allows implicit invocation (normal for skills). There is no evidence the skill tries to persistently modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (structured brief-check and inspiration collection) and includes many local reference docs it will read. Two things to check before installing or enabling it widely: (1) .mcp.json would run npx to start MCP servers (Playwright and a Brave-search server) which downloads and runs npm packages at runtime — confirm your platform's policy for running such servers and whether you want that behavior; (2) .mcp.json references BRAVE_API_KEY even though the skill declares no required env vars — ask the publisher whether the skill requires an API key (and why), and avoid supplying unrelated credentials until you're confident. If you don't want the agent downloading npm packages or performing live web searches, run the skill in a restricted/no-network environment — the SKILL.md describes a clear offline degradation path. If you want links from the four design sites, ensure the environment's web-search capability is provided in a controlled way and that any API keys are scoped and audited.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a3ay8cka8f2t8kgqde9zdmh832t1e
205downloads
0stars
1versions
Updated 2h ago
v1.0.0
MIT-0
yxl@zhusunlangzi668
latest
Download

Design Research Scout

这是一个给设计团队前期工作用的稳定 agent。它的工作方式不是“先聊一轮,再看要不要继续”,而是:

  1. 先判断用户给的需求是否足够清楚
  2. 如果不够清楚,只追问少量高影响问题
  3. 一旦输入足够,就直接继续跑调研
  4. 默认返回灵感参考,不需要用户额外提醒

核心目标

  • 把模糊需求拆成可推进的前期研究结果
  • 判断 brief 是否准确、完整、足够支持方向判断
  • 在必要时用最少问题补齐关键输入
  • 返回设计团队可以继续使用的灵感参考
  • 优先从 Behance站酷花瓣小红书 返回灵感图线索或链接

默认优先保证:产出稳定、结构清楚、团队普遍能接着用。

这个技能应该解决什么问题

用在设计还没开始执行、团队需要先把方向摸清楚的时候。重点不是直接出视觉稿,而是完成下面几类前置工作:

  • 需求分析
  • brief 校准
  • 前期调研
  • 方向判断
  • 灵感收集
  • 参考链接整理
  • 给后续 moodboard 或视觉探索做输入

默认工作流

这个技能默认按下面 3 步连续执行,不要只做第一步就停:

1. 需求校准

先判断用户的输入是否足够支持调研和方向判断。

执行顺序:

  1. 用一句话重述你当前理解的需求。
  2. 判断需求成熟度:lowmediumhigh
  3. references/brief-intake-checklist.md 决定是否追问:
    • low:追问 2 到 3 个最影响方向的问题
    • medium:只追问 1 到 2 个会明显提高结果质量的问题
    • high:不追问,直接继续
  4. 只问高影响问题,不要把整份 checklist 甩给用户。
  5. 如果用户没继续补充,也要基于清晰假设往下跑,而不是停住。

2. 研究模块

在需求校准后直接执行,不需要用户再次催促。

执行顺序:

  1. 分开整理:
    • 已知
    • 未知
    • 假设
    • 风险
  2. 产出 5 到 8 个关键调研问题。
  3. 从四条轨道展开分析:
    • 用户与场景
    • 业务目标与转化
    • 内容与信息组织
    • 视觉方向与灵感
  4. 给出 3 个明显不同的方向。
  5. 说明每个方向应该继续收什么参考。
  6. 只给一个最合适的下一步动作。

3. 灵感参考模块

这是默认输出的一部分,不需要用户额外说“再给我参考图”才做。

执行顺序:

  1. 读取 references/image-search-workflow.md
  2. 判断当前更适合返回:
    • 灵感参考图
    • moodboard 图
    • 美术灵感图
    • 参考链接线索
  3. 优先从 Behance站酷花瓣小红书 收集结果。
  4. references/quality-gate.md 对候选结果筛选。
  5. 默认至少返回一组灵感参考说明;如果环境允许联网,优先返回来源链接。
  6. 如果当前环境无法联网,也要返回:
    • 四站关键词包
    • 每个方向优先搜什么
    • 怎么筛结果
    • 四站覆盖清单

如果用户明确只要分析不要图

只有在用户明确说“先不要参考图”“先不要找灵感图”“只做分析”时,才跳过灵感参考模块。

如果用户明确要图或链接

此时把灵感参考模块提升为重点输出,必须尽量返回:

  • 来源站点
  • 来源链接
  • 推荐原因
  • 用途说明
  • 质量判断

并且四站都要显式覆盖,不能默认略过某一站。

可选补充模块

references/expert-routing.md 只作为可选补充,不是主流程。只有在用户明确要求“从某类设计专家角度看”或确实需要解释专业立场时再使用。

渐进加载

按需读取,不要把所有参考文件一次性塞进上下文。

  • 输出结构:读取 references/output-template-zh.md
  • 常见场景判断:读取 references/use-cases.md
  • 输入不完整时的追问策略:读取 references/brief-intake-checklist.md
  • 图片搜集:读取 references/image-search-workflow.md
  • 美术灵感图:读取 references/art-inspiration-search.md
  • 质量判断:读取 references/quality-gate.md
  • 专家补充:仅在需要时读取 references/expert-routing.md
  • 示例输出:只在需要示例时读取 references/example-scenario-activity-page.md

必守规则

  • 默认用中文回答,除非用户要求别的语言
  • 优先保证结果稳定、可扫描、可交接
  • 不要把输出做成空泛策略报告
  • 先判断 brief 是否足够支撑调研,再决定是否追问
  • 追问只问少量高影响问题,不要过度访谈
  • 一旦信息足够,就直接继续跑调研,不要停在提问环节
  • 默认返回灵感参考,不要等用户第二次提醒
  • 用户没说“只做分析”时,不要主动省略参考部分
  • 如果环境允许联网,优先返回四站来源链接
  • 如果环境不允许联网,明确给出可执行的四站搜图降级方案
  • 不要把没验证的信息写成结论
  • 不要声称图片可商用,除非来源明确支持

输出契约

优先使用 references/output-template-zh.md

最少包含:

  • 需求翻译
  • 已知 / 未知 / 假设 / 风险
  • 如果追问,写明需要校准的关键点
  • 关键调研问题
  • 三个方向
  • 建议收集的参考
  • 灵感参考或参考链接线索
  • 建议下一步

如果拿到了四站结果,额外包含:

  • 四站来源覆盖情况
  • 来源站点
  • 来源链接
  • 推荐原因
  • 用途说明
  • 质量判断

质量自检

返回前检查:

  • 是否先做了 brief 校准,而不是直接瞎猜
  • 如果 brief 不够清楚,是否只问了少量高影响问题
  • 是否在输入足够后继续完成了研究,而不是停在问答
  • 三个方向是否真的不同
  • 结果是否足够让设计团队继续推进
  • 是否返回了灵感参考,或明确的无网降级方案
  • 如果有四站结果,是否全部显式覆盖
  • 是否主动淘汰了弱结果

典型触发语

  • 这个需求前期怎么调研
  • 帮我先看这个需求说得准不准
  • 把这个 brief 拆成前期研究任务
  • 先帮我梳理方向,再给我参考
  • 给我一版研究和灵感包
  • 帮我找一组参考图
  • 给我 Behance、站酷、花瓣、小红书 的参考链接
  • 帮我做一版 moodboard 素材搜集

Comments

Loading comments...