Back to skill
Skillv1.0.0
ClawScan security
ui-designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 6:52 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only UI/front-end design generator and its requested resources and instructions are coherent with that purpose.
- Guidance
- This skill appears coherent and safe in that it only asks the agent to generate UI/design text and front-end code. Before using generated code, review it for any external network calls, embedded URLs, or package references (npm/Tailwind/Nuxt) you don't recognize; check package versions and licenses, and run the code in a sandbox or development environment rather than production. If you plan to integrate the generated code into a real project, verify dependencies and audit any added build or install scripts. If you want stronger assurance, request the author/source or a signed provenance for the skill.
Review Dimensions
- Purpose & Capability
- okThe name/description and the SKILL.md align: the skill asks the agent to produce UI/design descriptions and runnable front-end code (Vue/Tailwind). It does not request unrelated credentials, binaries, or system access.
- Instruction Scope
- okSKILL.md contains explicit content-generation instructions (design requirements, token tables, runnable Vue/Tailwind code). It does not instruct the agent to read files, access system configuration, or transmit data to external endpoints. The scope is limited to producing design text and code.
- Install Mechanism
- okThere is no install spec and no code files — this is instruction-only, so nothing will be downloaded or written by an installer as part of the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; the requested outputs (design tokens, code) don't require secrets or external credentials.
- Persistence & Privilege
- okThe skill does not request always:true or any elevated persistence. It is user-invocable and allows autonomous invocation by default (the platform default) which is reasonable for a content-generation skill.