Is ui-audit safe?
https://clawhub.ai/tommygeoco/ui-audit
The ui-audit skill is a well-structured, content-focused UI/UX auditing framework based on the published book 'Making UX Decisions' by Tommy Geoco. It contains no malicious code, no data exfiltration mechanisms, no prompt injection attempts, and no suspicious runtime behavior. The only executable component is a benign postinstall echo statement. All 20+ reference files contain purely educational UX pattern documentation.
Findings (5)
LOW Postinstall script in package.json -8
The package.json includes a postinstall script that executes an echo command. While this specific instance is benign (static informational text only), postinstall scripts are a common vector for supply-chain attacks. The script contains no variable interpolation, command substitution, or network calls.
LOW Structured output format directive -5
The skill instructs the agent to generate audit reports in a specific JSON format with defined fields. This is a legitimate templating pattern for a UI audit skill, but it does shape agent output behavior. The format does not include any fields that would capture sensitive system information.
INFO External URL references in metadata -2
The skill references external URLs (https://audit.uxtools.co, https://uxdecisions.com) as attribution and homepage links. These are not fetch directives — they appear in YAML frontmatter and markdown links for informational purposes only. The agent is not instructed to visit or fetch content from these URLs.
INFO Includes a CLAUDE.md file -5
The skill ships a CLAUDE.md file which, if copied to a project root as suggested by the postinstall message, would inject instructions into Claude Code's system context. This is a documented and expected pattern for Claude Code customization, but users should review the contents before copying.
INFO Installer runtime reads environment files -8
The filesystem monitor recorded OPEN/ACCESS events on /home/oc-exec/.env, .aws/credentials, .openclaw/openclaw.json, .profile, and .bashrc during installation. These reads are attributable to the openclaw gateway/installer process initialization (consistent timestamps, standard shell init sequence), not to the skill code itself. No writes were detected on any of these files.