Vue Component Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a simple Vue component generator; the main cautions are local file overwriting and documentation that advertises more options than the included script implements.
This skill is reasonable for simple Vue file generation. Use it in a controlled project directory, avoid unusual component names, and do not rely on the documented TypeScript/SCSS/output options unless the implementation is updated.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with an unexpected component name or in the wrong directory, it could overwrite or create an unintended .vue file.
The script builds the output filename and sed replacement directly from the first argument. This is purpose-aligned for a generator, but it has no validation or no-overwrite guard.
NAME="${1:-MyComponent}"
cat > "$NAME.vue" << 'VUE'
...
sed -i "s/COMP_NAME/$NAME/g" "$NAME.vue"Use simple component names without path separators, run it only in the intended project directory, and review the generated file before committing. Maintainers should add name validation and avoid overwriting existing files without confirmation.
Users may think the tool supports TypeScript, SCSS, API mode selection, or output directory selection when the included implementation does not.
The documentation advertises options and capabilities that are not reflected in the included shell script, which can mislead expectations about what the skill will generate.
| `--typescript, -t` | 启用 TypeScript | | `--scss, -s` | 启用 SCSS | | `--output, -o` | 输出目录 |
Treat the advertised options as unverified unless the maintainer updates the script or documentation to match.