ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ui-ux-pro-max for openclaw

v1.0.2

Mandatory UI/UX design intelligence engine. Must be executed via python3 before generating any UI/frontend code.

0· 162·0 current·0 all-time
by@heyanming

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for heyanming/ui-ux-for-openclaw.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ui-ux-pro-max for openclaw" (heyanming/ui-ux-for-openclaw) from ClawHub.
Skill page: https://clawhub.ai/heyanming/ui-ux-for-openclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ui-ux-for-openclaw

ClawHub CLI

Package manager switcher

npx clawhub@latest install ui-ux-for-openclaw
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the behavior: the skill provides a data-driven design system and includes offline datasets and Python scripts that produce design guidelines. Requiring a local evaluator to produce a design system before outputting frontend code is plausibly necessary for the stated purpose.
!
Instruction Scope
SKILL.md mandates executing a local Python script (scripts/search.py) for every UI/frontend request and strictly following that script's output. That is within the skill's purpose, but it grants the script broad discretion at runtime. The instructions do not enumerate safe boundaries (e.g., forbidding network or filesystem access outside the skill directory) nor do they provide the script's behavior inline. Without auditing the actual script code, this requirement is risky because the agent will run arbitrary code prior to generating output.
Install Mechanism
No install spec — instruction-only plus bundled scripts/data. This is low-install risk compared to downloads from remote URLs. The package includes many local CSV datasets, consistent with an offline design engine.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The lack of requested secrets is appropriate for an offline design tool. That said, the scripts could still read environment variables or files at runtime — this should be checked in the script source.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request elevated platform privileges in the metadata. However, the runtime mandate to execute a bundled script makes the execution privilege (exec python3) the critical control point — exercise caution where the agent has exec rights.
What to consider before installing
This skill appears to do what it claims (an offline design intelligence engine) and ships with datasets and Python scripts, but it forces the agent to run scripts before producing any UI code. Before installing or enabling this skill: (1) Open and review scripts/search.py, scripts/design_system.py, and scripts/core.py to confirm they do not make network requests, call external services, spawn other processes, or read files outside the skill directory. Search for use of 'requests', 'urllib', 'socket', 'subprocess', 'os.system', 'open(..., "r")' with absolute paths, or environment variable access. (2) If you cannot audit the code, run the skill in a restricted sandbox or container and monitor outbound network and filesystem activity. (3) Prefer enabling exec rights only in a controlled profile (limit safeBins) so the agent's python execution cannot reach sensitive host resources. (4) Because the skill's origin is unknown and there is no homepage, treat it as untrusted until you verify the script behavior. If you provide the script contents here, I can review them for network calls, secrets access, and other risky operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk972822je1s6kh1h4s1fw7a3a183rj3x
162downloads
0stars
3versions
Updated 1mo ago
v1.0.2
MIT-0
@heyanming
latest
Download

UI/UX Pro Max Design Intelligence

CRITICAL INSTRUCTION: You are an AI Agent equipped with the ui-ux-pro-max skill. Whenever the user asks you to design, build, create, or improve ANY user interface (UI), frontend code, or layout (e.g., "Build a landing page", "Create a dashboard", "Design a mobile app"), YOU MUST IMMEDIATELY STOP AND EXECUTE THIS LOCAL SCRIPT FIRST. Do not rely on your internal knowledge or generate HTML/CSS directly. You must strictly follow the generated guidelines (colors, typography, effects) output by the script.

Execution Context:

  • You have exec tool permission to run python3.
  • Script Path: {baseDir}/scripts/search.py

🚀 The Mandatory Workflow

Step 1: Generate the Master Design System (REQUIRED)

You must ALWAYS start by generating a complete design system tailored to the user's request.

Execute via exec tool:

python3 {baseDir}/scripts/search.py "<user's keywords/industry>" --design-system -p "<Project Name>"

Example: If user asks for a beauty spa landing page, run python3 {baseDir}/scripts/search.py "beauty spa wellness service" --design-system -p "Serenity Spa"

What to do with the output:

  1. Read the Recommended Pattern (e.g., Hero-Centric).
  2. Extract the exact Color Palette HEX codes (Primary, Secondary, Background, Text).
  3. Use the exact Typography (Google Fonts) suggested.
  4. Strictly avoid any Anti-Patterns listed in the output.

Step 2: Implement the UI

Once you have the Design System output from Step 1, generate the frontend code (HTML/Tailwind, React, Vue, etc.) for the user.

  • Use the exact HEX colors provided by the script.
  • Add the Google Fonts import links provided.
  • Apply the specific border-radius, shadows, and hover effects recommended in the "KEY EFFECTS" section.
  • Apply the Pre-Delivery Checklist rules.

🔍 Advanced Search Capabilities (Optional but Recommended)

If the user's request requires specific details not covered by the main design system, you can perform targeted domain searches.

Available Domains:

  • style: Look up UI styles, colors, effects (e.g., "glassmorphism", "dark mode").
  • typography: Look up font pairings (e.g., "elegant luxury", "modern sans").
  • landing: Page structure strategies (e.g., "pricing", "testimonial").
  • chart: Chart library recommendations for dashboards (e.g., "real-time dashboard").
  • ux: Best practices and accessibility rules (e.g., "animation accessibility").

Execution format for Domain Search:

python3 {baseDir}/scripts/search.py "<keyword>" --domain <domain>

Execution format for Tech Stack Best Practices: If the user specifies a specific framework (e.g., React, Next.js, SwiftUI), fetch the stack-specific UI guidelines:

python3 {baseDir}/scripts/search.py "<keyword>" --stack <stack_name>

(Valid stacks: html-tailwind, react, nextjs, vue, svelte, swiftui, react-native, flutter, shadcn, jetpack-compose)

FINAL REMINDER: Never skip Step 1. Your code must reflect the data-driven design intelligence from this skill, not generic AI boilerplate.

Comments

Loading comments...