Back to skill
Skillv1.0.0
ClawScan security
Product Prototype Design · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 21, 2026, 4:01 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only prototype generator that only needs to create single-file HTML prototypes and its requirements, instructions, and artifacts are consistent with that purpose.
- Guidance
- This skill appears coherent and low-risk: it asks questions, uses the included design-specs reference, and writes a single-file HTML prototype (product-prototypes/{type}_{timestamp}.html) using public CDNs. Before using it, note: 1) the skill will create files in the agent/workspace — review generated HTML before sharing publicly; 2) 'preview link' behavior is unspecified — if the agent offers to upload or publish a preview, confirm where it will be hosted and whether any credentials are required; 3) avoid supplying any sensitive or proprietary data in the prompts if you don't want it embedded in the generated file. Otherwise the skill is consistent with its stated purpose.
Review Dimensions
- Purpose & Capability
- okName/description (generate single-file HTML prototypes) matches the instructions: collect requirements, choose templates/styles from the included references file, and call a Write tool to produce an HTML file. No unrelated credentials, binaries, or services are requested.
- Instruction Scope
- okSKILL.md stays on-task: it instructs asking the user questions, selecting templates, applying style guidelines from references/industry-design-specs.md, and writing an HTML file. It does not direct the agent to read unrelated system files, fetch private credentials, or contact unexpected external endpoints. A minor ambiguity: '预览链接: [如果支持在线预览]' is vague about any external hosting, but it does not mandate contacting third-party endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — nothing is downloaded, extracted, or installed. Low-risk by install mechanism.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The skill refers only to included reference docs and standard web CDNs (e.g., Tailwind CDN), which is appropriate for an HTML prototype generator.
- Persistence & Privilege
- okalways:false and no indications the skill modifies other skills or system-wide settings. It expects to write prototype files to a local project path (product-prototypes/...), which is appropriate and proportional to the stated purpose.