v0.1.0

Ai Sdk Ui

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

The skill is mostly a coherent AI SDK UI guide, but it includes an unsafe raw-HTML chat rendering example that users should review before copying into an app.

GuidanceReview the message-rendering examples before using this skill’s templates. Do not copy the dangerouslySetInnerHTML pattern for model or user messages unless you add robust HTML sanitization. Keep AI provider keys server-side, avoid storing sensitive chat history unnecessarily, and pin package versions for production.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution

SeverityMediumConfidenceHighStatusConcern

references/streaming-patterns.md

<div dangerouslySetInnerHTML={{ __html: formatMessage(message.content) }} />

The example renders chat message content as raw HTML after simple string replacement, with no escaping or sanitizer shown. In an AI chat UI, message.content may contain untrusted user or model-generated text.

User impactIf copied into a real chat app, malicious or prompt-injected message content could become cross-site scripting or unsafe HTML in the user's browser.

RecommendationAvoid dangerouslySetInnerHTML for chat messages unless content is sanitized. Prefer ReactMarkdown without raw HTML, add a sanitizer such as rehype-sanitize or DOMPurify, and escape user/model text before rendering.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

scripts/check-versions.sh

latest=$(npm view "$package" version 2>/dev/null) ... npm install ai@latest @ai-sdk/openai@latest @ai-sdk/anthropic@latest @ai-sdk/google@latest react@latest react-dom@latest next@latest zod@latest

The user-directed helper script checks npm for latest package versions and prints an @latest install command. This is aligned with a dependency-template skill, but it relies on live package registry state rather than pinned versions.

User impactInstalling latest packages can introduce breaking changes or dependency supply-chain risk if copied without review.

RecommendationUse pinned or range-controlled dependency versions for production projects, review changelogs before upgrading, and keep a lockfile under version control.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

references/nextjs-integration.md

OPENAI_API_KEY=sk-... ANTHROPIC_API_KEY=sk-ant-... GOOGLE_GENERATIVE_AI_API_KEY=...

The examples show provider API keys for the user's app. This is expected for AI SDK integration and there is no artifact evidence of logging, hardcoding real secrets, or unrelated transmission.

User impactUsers who follow the examples will connect their app to paid AI provider accounts, so leaked or over-permissive keys could incur costs or expose account access.

RecommendationStore provider keys only in server-side environment variables, never expose them to client components, rotate keys if leaked, and use provider-side limits where available.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

references/streaming-patterns.md

initialMessages: loadFromLocalStorage(chatId), ... saveToLocalStorage(chatId, messages);

The skill documents persisting chat messages in browser localStorage. This is purpose-aligned for chat history, but retained conversations may include sensitive prompts, responses, or tool outputs.

User impactChat history may remain on the device after the session and may be accessible to other scripts running in the same web origin.

RecommendationOnly persist chat history when needed, provide a clear delete/clear option, avoid storing secrets, and consider expiration or server-side access controls for sensitive applications.