Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

design-researh

v1.0.0

Turn fuzzy briefs into a stable pre-design workflow for requirement validation, brief clarification, early-stage research, inspiration direction setting, and...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, and SKILL.md consistently describe a pre-design research assistant that collects brief analysis and inspiration links from four design sites — the declared purpose matches the runtime instructions and included reference docs. However, .mcp.json defines mcpServers (npx commands) that enable Playwright and a Brave-search MCP server; that capability (and the BRAVE_API_KEY env reference inside it) is not documented in the skill's top-level requirements and is unexpected for an 'instruction-only' skill that declares no required env vars.
Instruction Scope
The SKILL.md stays on-topic: it instructs the agent to validate briefs, ask a small number of clarification questions, run structured research, and (if network access is available) return inspiration links from Behance, 站酷, 花瓣, and 小红书. It also explicitly reads only the included references/* files. The instructions do not ask the agent to read arbitrary system files or unrelated credentials.
Install Mechanism (flagged)
Although the skill has no declared install spec, .mcp.json would cause runtime npx execution of @playwright/mcp@latest and @brave/brave-search-mcp-server@latest. That implies dynamic download and execution of npm packages at runtime (moderate to high risk depending on platform controls). The MCP server pattern may be legitimate for enabling browsable web search, but it is a capability that affects security posture and should have been surfaced in the skill's requirements/metadata.
Credentials (flagged)
Top-level metadata lists no required environment variables, yet .mcp.json references BRAVE_API_KEY (in the brave-search server env). This is an inconsistency: the skill's behavior suggests it can use an external web-search API that requires a key, but the required credential is not declared in requires.env or primaryEnv. Asking for or accepting an API key is proportionate for a web-search-enabled skill, but it should be declared explicitly so users know what secrets they'd need to provide.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. agents/openai.yaml allows implicit invocation (normal for skills). There is no evidence the skill tries to persistently modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (structured brief-check and inspiration collection) and includes many local reference docs it will read. Two things to check before installing or enabling it widely: (1) .mcp.json would run npx to start MCP servers (Playwright and a Brave-search server) which downloads and runs npm packages at runtime — confirm your platform's policy for running such servers and whether you want that behavior; (2) .mcp.json references BRAVE_API_KEY even though the skill declares no required env vars — ask the publisher whether the skill requires an API key (and why), and avoid supplying unrelated credentials until you're confident. If you don't want the agent downloading npm packages or performing live web searches, run the skill in a restricted/no-network environment — the SKILL.md describes a clear offline degradation path. If you want links from the four design sites, ensure the environment's web-search capability is provided in a controlled way and that any API keys are scoped and audited.

Like a lobster shell, security has layers — review code before you run it.
