ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Design

v1.0.0

CSS implementation patterns for layout, typography, color, spacing, and responsive design. Complements ui-design (fundamentals) with code-focused examples.

1· 3.2k·23 current·28 all-time
by@wpank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (CSS implementation patterns for layout, typography, color, spacing, and responsive design) match the content of SKILL.md and README. There are no unrelated environment variables, binaries, or capabilities requested.
Instruction Scope
SKILL.md contains only design guidance, examples, and recommended installation commands for users (npx clawhub install, copying files). It does not instruct the agent to read arbitrary system files, access credentials, or exfiltrate data.
Install Mechanism
There is no formal install specification in the skill bundle (instruction-only), so nothing is written or executed automatically. The README suggests user-run commands (npx add from a GitHub path, npx clawhub install, manual copy) — these are user-facing instructions and not part of an automated install script in the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. Nothing in the content requires secrets or unrelated credentials.
Persistence & Privilege
Flags show always: false and disable-model-invocation: false (normal). The skill does not request permanent presence nor attempt to modify other skills or system-wide settings.
Assessment
This skill is an instruction-only design guide and appears coherent with its purpose. Before running any suggested install commands (for example the README's npx add of a GitHub path or any copy commands), verify the source repository and owner you trust; the skill bundle itself does not include code or automated installers, so any network fetch or npx command would be performed by you and should be reviewed first. If you plan to run the README's npx add URL, inspect that repository manually to ensure it contains only the design content you expect.

Like a lobster shell, security has layers — review code before you run it.

latestvk97djp8m95j48ewxnn0q69w7nn80w4bt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments