Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Frontend Design Extractor

v1.0.1

Extract reusable UI/UX design systems from frontend codebases: design tokens, global styles, components, interaction patterns, and page templates. Use when analyzing any frontend repo (React/Vue/Angular/Next/Vite/etc.) to document or migrate UI/UX for reuse across projects. Focus on UI/UX only; explicitly ignore business logic and domain workflows.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (extract UI/UX design systems) matches the instructions: scanning a repo, creating an output spec, and performing targeted UI-only refactors. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
Instructions explicitly tell the agent to scan repo files, scaffold an output folder, and apply minimal, in-place code changes for UI components and styles. This is appropriate for the stated purpose, but the skill grants the agent permission to read and modify a target repo — users should ensure the agent has explicit authorization and that changes are code-reviewed. The SKILL.md assumes helper scripts (e.g., scripts/scan_ui_sources.sh) exist in the repo; if they do not, the agent may attempt ad-hoc file scanning and edits.
Install Mechanism
No install spec or external downloads — instruction-only skill. Nothing is written to disk by an installer, lowering installation risk.
Credentials
The skill requests no environment variables, credentials, or config paths. For its stated functionality (reading/modifying frontend code), this is proportionate.
Persistence & Privilege
always is false and the skill does not request persistent installation or elevated platform-wide privileges. Autonomous invocation is allowed (platform default) but not by itself a red flag here.
Scan Findings in Context
[no_code_files_scanned] expected: The static scanner found no code files because this is an instruction-only skill (SKILL.md only). Lack of regex findings is expected but does not guarantee safety — runtime actions are defined in the instructions.
Assessment
This skill is coherent with its purpose, but it instructs an agent to read and modify a target codebase. Before installing or running it:
1) Confirm the target repo contains the referenced helper scripts (or be prepared for the agent to perform file scanning itself).
2) Ensure the agent has explicit permission to edit the repository and that changes will be reviewed (use dry-run mode, branch-based changes, or CI checks).
3) Back up or work on a feature branch to avoid accidental business-logic changes (the skill emphasizes UI-only edits, but verify diffs).
4) Restrict the agent's scope to the intended repo path and review any generated output in ./ui-ux-spec before merging.
If you need stricter controls, require manual approval before the agent makes edits.

Like a lobster shell, security has layers — review code before you run it.
