Skill v1.0.1

ClawScan security

EVA STYLE UI DESIGN SKILL · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 6:47 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only design skill that consistently provides EVA-inspired UI guidance and local example assets; it requests no credentials, installs, or external network actions and appears to do what it says.
Guidance
This skill is an offline design/reference bundle and appears safe technically: it contains only markdown and static CSS/HTML. Before using it in production, consider non-security issues: the theme and example lab use EVA/NERV language and visual motifs that may implicate trademark or copyright concerns—confirm you have rights to reuse any referenced brand names, logos, or proprietary fonts (the README suggests `Matisse EB` for titles). Also verify any downstream use of generated assets follows your licensing and IP policies. Finally, although this skill contains no network calls or secrets, always review any third-party prompts or automated publishing steps you pair with it to ensure you don't accidentally send proprietary designs or data to external services.

Review Dimensions

Purpose & Capability
ok · Name, description, SKILL.md, and included reference files (tokens, typography, motion, pattern language, component rules, prompt recipes, example lab) are coherent: all materials support EVA-style UI design and component/prompt generation.
Instruction Scope
ok · Runtime instructions only reference the local reference files and the example lab; they do not instruct reading unrelated system files, accessing credentials, or posting to external endpoints. Prompts and review workflows are limited to design tasks.
Install Mechanism
ok · No install spec or code files that would be downloaded or executed; lowest-risk, instruction-only packaging with only static assets and markdown included in the bundle.
Credentials
ok · No required env vars, credentials, or config paths are declared or referenced. Nothing in the instructions asks for secrets or unrelated service tokens.
Persistence & Privilege
ok · Skill does not request always:true or other elevated persistence. It is user-invocable and may be autonomously invoked by the agent (platform default), but there is no installation behavior that modifies other skills or system settings.