Is ui-skills safe?

https://clawhub.ai/CorrectRoadH/ui-skills

89 · SAFE

This skill is a pure-markdown collection of opinionated frontend UI development constraints (Tailwind CSS, accessibility, animation, typography). It contains no executable code, no data exfiltration vectors, no prompt injection attempts, and no mechanisms to access sensitive resources. The filesystem monitoring noise is entirely attributable to the openclaw runtime environment, not the skill. The only minor concerns are the strong MUST/NEVER directive style and a single external documentation URL reference.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 78/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 82/100 · 5%

Findings (6)

LOW Strong directive language shapes agent behavior -10

The skill uses imperative MUST/NEVER directives that will override default agent behavior for UI tasks. While all directives are legitimate UI constraints, the pattern of 47+ behavioral rules is notably opinionated and could conflict with user intent in edge cases (e.g., user wants gradients but skill says NEVER).

INFO External URL in skill content -5

The skill references an external URL (https://base-ui.com/react/components) as a documentation link for Base UI components. This is a passive reference, not a fetch instruction, but is noted for completeness.

LOW Runtime environment accessed sensitive files during installation -22

The openclaw runtime environment read .ssh/authorized_keys, .env, .aws/credentials, and various config files during the skill installation process. This is attributable to the runtime initialization, not the skill itself, but creates a noisy monitoring baseline. The skill has no mechanism to trigger these reads.

INFO No data exfiltration vectors found -5

The skill contains zero operational instructions — only declarative UI constraints. There are no mechanisms for reading, encoding, or transmitting data.

INFO No executable content -5

The skill is pure markdown containing only human-readable UI development guidelines. No scripts, hooks, submodules, or executable artifacts are present.

INFO Skill is well-scoped to its stated purpose -18

The skill description ('Opinionated constraints for building better interfaces with agents') accurately matches its content. All 47+ rules relate exclusively to frontend UI development: CSS, accessibility, animation, typography, layout, and design patterns. No rules attempt to influence agent behavior outside this domain.