ClawHub

primevue

v1.0.0

PrimeVue UI component library for Vue.js with 100+ components. Covers design token theming, unstyled mode, pass-through (pt) styling, forms with validation,...

0· 47·0 current·0 all-time
by岳晓亮@yuexiaoliang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included SKILL.md and reference docs. Required binaries/env/configs are none, which is appropriate for a documentation/instruction-only UI library skill. The npm packages and CDN references in the docs are consistent with a frontend UI toolkit.
Instruction Scope
Runtime instructions are purely developer-facing examples (npm install, import statements, usage examples). They do not instruct the agent to access system files, secrets, or external endpoints beyond normal package registries and a CDN. Code examples show typical component usage and theming.
Install Mechanism
There is no install spec for the skill itself (instruction-only). The docs recommend installing packages from npm or using a CDN (unpkg), which is expected for this kind of library and does not create additional installer risk within the skill bundle.
Credentials
The skill requests no environment variables, credentials, or config paths. Package dependencies mentioned (primevue, @primeuix/themes, @primevue/forms, etc.) are appropriate for the stated functionality and there are no unexplained secrets or cross-service credentials.
Persistence & Privilege
Skill flags show default privileges (always: false, agent invocation allowed). There is no request for permanent system presence or modification of other skills/configs.
Assessment
This bundle is documentation and examples for a Vue UI library and appears internally consistent. Before using the actual packages it references, verify you install them from the official npm registry or the vendor's site (check the package publisher and integrity), and prefer pinned versions. Be cautious when using third-party themes or CDN bundles—review their source and license. In your app, treat pass-through hooks and any functions injected into templates as executable JavaScript and review them for untrusted code (especially when using unstyled/pt functions or third-party presets). If you plan to use file upload examples, ensure the server endpoint (/api/upload or similar) is one you control and is secure. Overall the skill itself is documentation-only and does not ask for secrets or system access.

Like a lobster shell, security has layers — review code before you run it.

latestvk9756dht59qj3myxrp5cqqq5y984s058

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments