Shadcn Ui

v1.0.0

Use when building UI with shadcn/ui components, Tailwind CSS layouts, form patterns with react-hook-form and zod, theming, dark mode, sidebar layouts, mobile navigation, or any shadcn component question.

⭐ 8· 7.2k·56 current·60 all-time

by@jgarrison929

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (shadcn/ui, Tailwind, react-hook-form, zod) matches the SKILL.md content and the commands shown (npx shadcn@latest init / add ...) which are the normal way to add shadcn components to a project. No unrelated services, binaries, or credentials are requested.

✓

Instruction Scope

SKILL.md contains guidance and code examples for building UI components and shows only project-local actions (run npx to add components, copy/paste component code, modify project files). It does not instruct reading unrelated system files, environment variables, or exfiltrating data to external endpoints beyond using npm (npx) to fetch the tool.

ℹ

Install Mechanism

This is instruction-only (no install spec / no code files), which is low-risk. The only noteworthy point is the explicit use of npx shadcn@latest — npx fetches/executes remote code from npm at runtime. That behavior is expected for installing shadcn but is a general supply-chain consideration (see user guidance).

✓

Credentials

The skill requests no environment variables, no credentials, and no config paths. The lack of required secrets is proportionate to an authoring/implementation helper for UI components.

✓

Persistence & Privilege

always is false and the skill is not asking for any persistent system-level privileges or to modify other skills. Autonomous invocation is allowed by default (platform behavior) but this skill's instructions do not require elevated persistence.

Assessment

This skill is coherent for helping with shadcn/ui development. Before running the suggested npx commands in your project: 1) prefer pinning a version instead of @latest (e.g., npx shadcn@1.2.3) to avoid unexpected changes; 2) inspect the package (or its repository) and the files it will add, especially if running in a production repo; 3) run in a local/dev environment or sandbox, not as root; 4) ensure you have backups or version control (git) so you can revert generated changes; and 5) if you need extra assurance, run npm audit / review the published package before executing npx. These are general supply-chain precautions — they do not indicate the skill itself is malicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk975g5c6vznaqhxscfrankzg3d80dz32

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Shadcn Ui

License

Comments