ClawHub
Back to skill
v0.1.0

Auto Animate

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

The skill appears purpose-aligned and benign; the main thing to notice is an optional setup script that installs an npm package and writes example files into a React project.

GuidanceThis skill is mainly documentation and templates for AutoAnimate. If you use the included setup script, run it from the correct project directory, check which files it creates or overwrites, and review the added npm dependency version.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
scripts/init-auto-animate.sh
pnpm add @formkit/auto-animate ... yarn add @formkit/auto-animate ... npm install @formkit/auto-animate ... cat > src/components/AnimatedListExample.tsx

The helper script runs package-manager commands and writes files into the user's project. This is disclosed and fits the setup purpose, but it is still local code execution and project mutation.

User impactIf the user runs the script, it will change the project by adding a dependency and creating or overwriting example source files at fixed paths.
RecommendationRun the script only in the intended project root, preferably with version control enabled, and review the resulting diff before committing.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/init-auto-animate.sh
pnpm add @formkit/auto-animate

The setup installs an external npm package without pinning an exact version. This is expected for the skill's purpose, but users may receive a newer package version than the documentation references.

User impactThe installed dependency can change over time, which may affect reproducibility or introduce upstream package risk.
RecommendationConsider pinning a reviewed version of @formkit/auto-animate in package.json or reviewing the package version installed by the script.