ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Graphic Design Mastery — World-Class AI Design System

v1.0.0

World-class graphic design skill system. Use ANY time the user asks to design, create, illustrate, brand, animate, prototype, layout, compose, render, sketch...

0· 167·0 current·0 all-time
by@tenlifejosh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill advertises a general-purpose, 'use-anytime' graphic design system and includes many domain references that align with that purpose. However, multiple files (e.g., COMPANY-INTEGRATION.md and parts of SKILL.md) hard-code Ten Life Creatives policies, brief templates, archive paths, and a required brand palette that the skill says to 'Always apply' unless changed in brief. For a generic public skill, embedding a single company's operational rules and mandatory brand colors is disproportionate and may cause the agent to enforce unrelated corporate policies on other users.
Instruction Scope
SKILL.md instructs the agent to 'read relevant reference files' before any design task (expected for a reference-driven skill). It also instructs 'Trigger aggressively', which increases how often the agent will invoke this skill for design-like requests. The manifest contains two Python scripts (scripts/generate_palette.py, scripts/recommend_fonts.py). The provided SKILL.md excerpts do not show explicit instructions to execute these scripts, but their presence increases runtime surface area if the agent is permitted to run code. The references include external resource examples (e.g., Google Fonts @import, CDN links) which will cause normal network requests when rendering or following examples.
Install Mechanism
There is no install spec (instruction-only), which is low risk for automatic code installation. However, the skill package includes code files (Python scripts). Because there's no install/install-time review step, those scripts would land on disk with the skill and could be executed by the agent or by humans — review their contents before execution. No downloads from external/unknown URLs are specified.
Credentials
The skill requests no environment variables, binaries, or credentials — appropriate for a design reference. That said, it contains hard-coded corporate configuration (brand palette, internal brief format, internal archive paths) that are organizationally specific; this is not a secret/credential risk but is disproportionate to a generic public skill and could lead to mistaken application of another organization's standards.
Persistence & Privilege
always:false and no OS restrictions are set. The skill is user-invocable and permits autonomous invocation (platform default). While autonomous invocation is normal, the SKILL.md's 'Trigger aggressively' guidance combined with embedded corporate rules increases the chance of unwanted/overbroad activation; consider adjusting trigger/eligibility rules if you install it.
What to consider before installing
This skill appears to be a comprehensive design reference, but there are two things to check before installing: (1) provenance — the package contains COMPANY-INTEGRATION.md and hard-coded 'Ten Life Creatives' brand rules and brief templates; if you aren't part of that org, the skill may inappropriately apply those standards. Confirm the publisher and intended audience. (2) executable artifacts — two Python scripts are included in scripts/. Inspect their code before allowing any runtime that can execute them. If you decide to use the skill, consider: restricting autonomous invocation or eligibility to design contexts you control, running it in a sandbox first, and asking the publisher/source for a homepage or repo to verify origin and intent.

Like a lobster shell, security has layers — review code before you run it.

brandvk973yandkgpzwyfnn7nwzcn66983b99kdesignvk973yandkgpzwyfnn7nwzcn66983b99kgenerativevk973yandkgpzwyfnn7nwzcn66983b99kgraphic-designvk973yandkgpzwyfnn7nwzcn66983b99killustrationvk973yandkgpzwyfnn7nwzcn66983b99klatestvk973yandkgpzwyfnn7nwzcn66983b99kmotionvk973yandkgpzwyfnn7nwzcn66983b99ktypographyvk973yandkgpzwyfnn7nwzcn66983b99kui-uxvk973yandkgpzwyfnn7nwzcn66983b99k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments