Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ui Ux Pro Max 0.1.0

v0.1.0

UI/UX design intelligence and implementation guidance for building polished interfaces. Use when the user asks for UI design, UX flows, information architect...

0 · 409 · 27 current · 27 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (UI/UX design + implementation) matches the included assets (colors, icons, patterns, design guidance) and the presence of helper scripts for generating design tokens. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md explicitly directs the agent to read bundled CSV/markdown reference files and optionally run skills/ui-ux-pro-max/scripts/design_system.py. That is within the stated purpose (generate tokens/output). However, running the bundled Python script will execute code from the skill bundle — the instructions do not mention any need to read system files or network resources, but the script itself could.
Install Mechanism
No install spec — the skill is instruction-only. This minimizes installation risk. The only runtime action the skill recommends is invoking a local python3 script that is bundled with the skill.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is appropriate for a design/implementation guidance skill.
Persistence & Privilege
always:false and no special privileges requested. The skill does not request permanent inclusion or modification of other skills or system-wide settings.
Assessment
This skill appears coherent for UI/UX work: it bundles design data and a Python script to generate tokens. The main risk is executing bundled code from an unknown source. Before running the script (python3 skills/ui-ux-pro-max/scripts/design_system.py):
1) Review the script's source for network access (requests/urllib/socket), subprocess/os calls, or filesystem access outside the skill folder.
2) If you can't review, run it in an isolated environment (ephemeral VM or container) with no access to sensitive files/credentials.
3) Avoid supplying real secrets or production config to the skill.
4) Prefer having the agent produce outputs by reading the CSV/MD files (safe, inspectable) rather than executing unknown code.
If you want, I can summarize or statically analyze the scripts for network/file operations before you run them.

Like a lobster shell, security has layers — review code before you run it.

latestvk978nj03j3zjanpntfrhwtjkh5821d6m
