Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Talk2UI
v1.0.0SwiftUI 口语化编程技能。当用户用中文描述 UI 需求(如"做一个毛玻璃卡片"、"按钮要跟手"、"这个元素是主角")时激活此技能,将口语转化为符合物理隐喻规范的 SwiftUI 代码。
⭐ 0· 74·0 current·0 all-time
by@soponcd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description is a translator for Chinese UI descriptions → SwiftUI, which is plausible. However the SKILL.md expects many local resources (scripts/, examples/, .agent/memory) and runtime tools (python, a preview shell script, Xcode Canvas) while the registry metadata declares no required binaries, no install spec, and no included code files. The skill therefore claims capabilities that require resources not provided or declared.
Instruction Scope
Runtime instructions tell the agent to read and write agent-local files (e.g., .agent/memory/user-preferences.md, examples/cheat-sheet.md), to 'activate memory' before any task, to auto-prompt users at session end, and to run scripts (python scripts and a preview shell). These file reads/writes and proactive behaviors extend beyond mere code generation and may access or persist user data without explicit consent.
Install Mechanism
There is no install spec (instruction-only), but the SKILL.md refers to multiple scripts and a preview shell that would need to exist on disk and be executable. The bundle actually contains only SKILL.md (no scripts). This mismatch (referencing executable artifacts that aren't present) is inconsistent and could lead the agent to attempt to run non-existent or externally provided tools.
Credentials
No environment variables or credentials are requested, yet the instructions access and modify agent-local configuration/memory files and request integration with local tooling (Xcode). Accessing and persisting user preferences in .agent/memory is not declared as a required permission and may be disproportionate for a simple code-generation skill.
Persistence & Privilege
The skill mandates activating 'memory' before any task and records learned expressions and preferences into .agent/memory and examples/cheat-sheet.md. Although always:false, the skill still requests persistent modifications to the agent workspace across sessions; this should be explicit and under user control.
What to consider before installing
This skill's instructions expect to read/write agent memory files and to run scripts (Python and a shell preview) that are not included in the package and not declared as required. Before installing or enabling it: 1) Verify the repository actually contains the scripts and example files SKILL.md references; if not, treat the skill as incomplete or broken. 2) Ask the publisher what files will be read/written (exact paths) and whether you can opt out of automatic 'memory' activation and persistent preference storage. 3) If the skill will run local commands (python, preview_in_xcode.sh), confirm what those commands do and run them in an isolated/test workspace first. 4) Prefer explicit consent for any automatic writes to .agent/memory or other user files; disable automatic preference saving if you want to avoid persistent changes. If you cannot verify the missing scripts or the exact memory-modification behavior, avoid enabling the skill or run it in a sandboxed agent environment.Like a lobster shell, security has layers — review code before you run it.
latestvk975zhqhqxkh97ph91an9tgmv183ny3h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💬 Clawdis