Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
guidelines
v1.0.0根据用户自然语言描述自动生成符合FTdesign规范的列表页、表单页和详情页HTML预览页面,实现浏览器内直接预览。
⭐ 0· 643·6 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (FTdesign HTML generator) align with the included templates, CSS, references, README and an optional Python generator script. Required env/binaries/configs are none, which is proportionate for a template-based HTML generator.
Instruction Scope
SKILL.md limits behaviour to: detect page type, select templates in assets/templates/, fill with user-specified fields, generate HTML and open IDE preview. That stays within the declared purpose. Two things to note: (1) generated pages reference external CDNs (Remix Icon and Google Fonts) so opening previews will cause outbound network requests to those CDNs; (2) the repo includes scripts/generate-html.py which, if executed, will write files into the workspace — expected for this skill but worth reviewing before running.
Install Mechanism
There is no install spec (instruction-only), and no downloads or package installs declared. A local Python helper script is present but no automated installer or remote fetch is specified, which is proportionate and low risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That matches its purpose of local HTML/template generation; no excessive secrets access is requested.
Persistence & Privilege
always:false and normal user-invocable/autonomous-invocation defaults are used. The skill does not request persistent system-wide changes or other skills' configs. Its expected workspace file writes (generated HTML) are appropriate for its function.
Assessment
This skill appears coherent and intended for generating local HTML previews using the included templates. Before running or allowing autonomous invocation: (1) inspect scripts/generate-html.py to confirm it only reads templates and writes files you expect; (2) be aware generated pages load external CDNs (Remix Icon, Google Fonts) when previewed — that will create outbound network requests and could be used to fingerprint activity; (3) run the script in an isolated workspace if you want to avoid accidental file writes; (4) note the skill source/homepage is not provided — if provenance matters, consider asking the publisher for source or a repository link. If you review the Python helper and templates and are comfortable with CDN usage and local file generation, this skill is reasonable to install.Like a lobster shell, security has layers — review code before you run it.
latestvk97503sjkymn3agrt83v4mr7w981y2n2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.