ClawHub

V0 Dev

v1.0.0

v0.dev AI 前端生成助手,精通 UI 组件生成、shadcn/ui、Tailwind CSS、Next.js

0· 148·0 current·0 all-time
by@zhangifonly
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (v0.dev, shadcn/ui, Tailwind, Next.js) matches the SKILL.md guidance. The skill does not ask for unrelated credentials, binaries, or config paths — the requested operations are appropriate for a UI code-generation helper.
Instruction Scope
Runtime instructions are limited to prompt guidance and example CLI commands (e.g., `npx shadcn@latest init`, `npx v0 add <生成的代码 URL>`). The SKILL.md does not instruct reading unrelated files or exfiltrating data, but it explicitly suggests fetching and importing code from external URLs/ npm packages, which means remote code will be executed at runtime unless the user verifies sources.
Install Mechanism
No install spec (instruction-only) — nothing is installed at skill install time. However, recommended workflows use npx to fetch packages at runtime (npm registry and arbitrary URLs via the CLI). That is expected for this purpose but carries the usual risk of executing remote code.
Credentials
The skill requests no environment variables, credentials, or config paths — this is proportional for a frontend code-generation helper.
Persistence & Privilege
always is false and there are no special persistence or system-wide configuration changes described. Model invocation is allowed (default), which is normal; there are no elevated privileges requested by the skill itself.
Assessment
This skill is internally consistent for generating frontend UI code, but be aware it recommends running npx commands that fetch and execute remote packages (e.g., `npx v0 add <URL>`). Before running those commands: (1) verify the source URL or npm package and prefer pinned versions, (2) run in a development or isolated environment (container/VM) rather than production, (3) review the imported/generated code for security issues and licenses, and (4) avoid running untrusted npx commands with elevated privileges. If you need higher assurance, ask the skill author for concrete provenance/versions for the CLI tools it recommends.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bk457rd9zcd31tmjqvana9h83a59y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments