Skill v1.0.1

ClawScan security

awesome-demo-web-build · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 10, 2026, 2:55 AM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions generally match a web-demo scaffolder, but there are notable inconsistencies and supply‑chain/network risks (undeclared runtime requirements, remote fetches, and third‑party script inclusion) that you should understand before running it.
Guidance
This skill appears to be a legitimate web-project scaffolding guide, but take precautions before running the generated commands:
- The SKILL.md assumes you have node/npm/npx and network access; the skill metadata does not declare these requirements. Install or confirm Node.js tooling first.
- The scaffolding commands run npx/npm, which will download packages from npm and other registries. Inspect the generated package.json and node_modules before running or deploying the project.
- The skill fetches DESIGN.md files from raw.githubusercontent.com and suggests adding remote icon JS from at.alicdn.com; those external resources will be embedded in your project and may execute remote code at runtime. Review the downloaded DESIGN.md and avoid embedding remote script tags unless you trust the source.
- If you plan to run this on a sensitive machine or in CI, run the scaffold in an isolated/containerized environment and review all fetched files and added dependencies.
If you want higher assurance, ask the publisher for explicit declarations of required binaries (node/npm), pinned package versions, and an allowlist of remote hosts the skill will fetch from.

Review Dimensions

Purpose & Capability
note: The skill's name/description (generate web demo projects) matches the instructions (use npx create-next-app, shadcn, install dependencies, inject DESIGN.md). However, the skill declares no required binaries or environment variables even though the runtime instructions assume node/npm/npx and network access to fetch external DESIGN.md files and npm packages, a mismatch that should have been declared.
Instruction Scope
note: SKILL.md stays within the stated purpose (scaffold a project, inject design spec, generate components). It instructs the agent to perform network fetches (WebFetch) of DESIGN.md from raw.githubusercontent.com and to write DESIGN.md into the project root. Those are reasonable for the task, but they permit downloading external content into generated projects and adding remote script tags (iconfont/Alibaba CDN), which increases supply-chain/runtime risk.
Install Mechanism
note: There is no formal install spec (instruction-only), which minimizes direct disk changes by the skill itself. But the scaffolding commands invoke npx/npm, which will download packages from public registries and third-party CDNs at runtime; this is normal for scaffolding, but still a supply-chain vector. The external sources used (npm packages, raw.githubusercontent.com, at.alicdn.com) are public and common, but the skill does not document or vet specific package versions.
Credentials
ok: The skill requests no credentials or environment variables. That is proportionate to its purpose. There is no attempted access to unrelated config paths or secrets in SKILL.md. (Note: some recommended stacks may later require user credentials, e.g., Supabase or Stripe, but those are not requested by the skill itself.)
Persistence & Privilege
ok: always:false and no install hooks are present. The skill does not request persistent presence, does not modify other skills, and does not declare self-elevation. It writes files into the scaffolded project only after explicit confirmation per the instructions.