Variant Design Skill
v0.1.0Generates 3 distinct, high-quality UI design variations from a prompt using a comprehensive design system with options to vary, remix, polish, critique, and...
⭐ 1· 177·0 current·0 all-time
byNicole@yuqingnicole
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (generate UI design variations) match the provided assets and runtime instructions: design references, palettes, and actions are all design-related. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
SKILL.md instructs the agent to gather project context and, if the user can't answer, to infer from the user's codebase (scan for color variables, font imports, component patterns, README/brand docs). Scanning a codebase is coherent with generating brand-consistent designs, but it means the agent will read project files — confirm consent and scope before allowing scans.
Install Mechanism
No install spec and no code files executed at runtime (instruction-only). This minimizes disk writes and arbitrary-code install risk.
Credentials
The skill requires no environment variables, credentials, or config paths. All declared needs (design references, palettes) are local files included in the skill bundle — proportional to the stated function.
Persistence & Privilege
Flags show always:false and no special persistence. The skill will not be force-enabled and does not request system-wide configuration or other skills' credentials.
Assessment
This skill appears to be what it claims: a design-variation generator using included references. Two practical cautions before installing/using it:
1) Codebase scanning: the skill explicitly says it will scan your project for colors, fonts, components, and README/brand docs if you don't provide context. Only allow this when you want the agent to access those files (e.g., in a project workspace). If you have sensitive code or secrets in the repository, do not allow an untrusted agent to scan it.
2) Review outputs before committing: the skill writes/export outputs (HTML/React, tokens). Inspect generated files for accidental inclusion of any secret strings or file contents you did not expect. The skill does not request external endpoints or credentials, but generated files could contain inferred brand text or data from your project.
No install or credentials are required, so the main decision is whether you are comfortable granting the agent read-access to the project files it may scan to infer brand/context. If you want stricter limits, provide the design context manually rather than granting repo access.Like a lobster shell, security has layers — review code before you run it.
latestvk97d4haq7trna4rr0wm81cywc582zryf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.