UI Audit
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI05: Unexpected Code ExecutionWhat this means
If installed through npm, a local install-time command runs, but the shown command only prints text.
Why it was flagged
npm postinstall scripts run during npm installation. In this artifact, the lifecycle script is limited to an echo message with setup guidance, so it is noteworthy but not suspicious.
Skill content
"postinstall": "echo '\\n📖 UI Audit skill installed. Add to your project:..."
Recommendation
Install from a source you trust and verify package metadata if using npm; no additional action is needed for the shown postinstall behavior.