web-front
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.
This appears safe for its intended use as a local front-end page generator. Before installing, be aware it will write files under the skill’s html directory, may automatically open generated pages in your browser, can delete or rename generated projects if you ask, and keeps learning notes that affect future output. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated pages may run locally in your browser immediately after creation.
The skill intentionally opens generated web pages in a browser, which can execute the generated JavaScript. This is central to the preview workflow and is disclosed.
根据用户描述生成前端网页,自动保存并在浏览器中预览。
Use this only for pages you asked to generate, and inspect generated code before previewing or using it with sensitive data.
If you confirm the wrong project path, generated website files could be permanently deleted.
The skill documents a destructive shell command for deleting a generated website project. It is scoped to the html project directory and the instructions require confirmation before deletion.
rm -rf "{baseDir}/html/{项目名}"Confirm the displayed project name and path before deletion; prefer path validation or backups for important generated work.
Incorrect or unwanted design notes could carry forward into future generated pages.
The skill keeps persistent learning materials and reuses them in future generations. This is disclosed and scoped to the learning directory, but persistent notes can influence later outputs.
每次生成后总结经验,更新学习资料
Review the learning files periodically and remove any guidance you do not want reused.