by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's description and bundled data align with a UI/UX helper, but it includes runnable Python scripts shipped inside the skill that the SKILL.md encourages you to execute — that makes the package coherent but potentially risky unless you inspect those scripts first.
评估建议
This skill appears to be what it claims (UI/UX guidance with local data), but exercise caution before running any bundled scripts. Specifically:
- The SKILL.md explicitly suggests running python3 skills/ui-ux-pro-max/scripts/design_system.py — executing that will run code included in the skill with whatever privileges your agent/workspace has. Review scripts/core.py, scripts/design_system.py, and scripts/search.py before running.
- Look for network calls (requests, urllib, socket), subprocess us...详细分析 ▾
✓ 用途与能力
Name/description (UI/UX design + implementation guidance) matches the included assets (color palettes, patterns, heuristics) and the presence of a design-system generator script; none of the declared requirements (no env vars, no external binaries) appear out of place.
ℹ 指令范围
Runtime instructions restrict the agent to reading bundled data files and optionally running a local Python script (scripts/design_system.py). The guidance does not ask for unrelated system files, credentials, or remote endpoints — however, executing bundled scripts grants them arbitrary runtime capability (file I/O, network, subprocess), so running them without code review elevates risk.
✓ 安装机制
There is no install spec and no external downloads; all assets are bundled in the skill. That avoids supply-chain download risks. Note: the skill is not purely instruction-only — it includes Python scripts that would be executed from the skill directory rather than installed from a third party.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths, which is proportional for a UI/UX assistant. There are no hidden credential requests in the SKILL.md.
✓ 持久化与权限
always:false and default invocation settings are appropriate. The skill does not request permanent platform-wide privilege in metadata. The main persistence concern would be if the bundled scripts modify system state, but that behavior is not declared — you must inspect the scripts to confirm.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/1/29
Initial Clawdbot packaging from upstream ui-ux-pro-max-skill
● 无害
安装命令 点击复制
官方npx clawhub@latest install ui-ux-pro-max
镜像加速npx clawhub@latest install ui-ux-pro-max --registry https://www.longxiaskill.com
技能文档
Follow these steps to deliver high-quality UI/UX output with minimal back-and-forth.
1) Triage
Ask only what you must to avoid wrong work:- Target platform: web / iOS / Android / desktop
- Stack (if code changes): React/Next/Vue/Svelte, CSS/Tailwind, component library
- Goal and constraints: conversion, speed, brand vibe, accessibility level (WCAG AA?)
- What you have: screenshot, Figma, repo, URL, user journey
If the user says "全部都要" (design + UX + code + design system), treat it as four deliverables and ship in that order.
2) Produce Deliverables (pick what fits)
Always be concrete: name components, states, spacing, typography, and interactions.- UI concept + layout: Provide a clear visual direction, grid, typography, color system, key screens/sections.
- UX flow: Map the user journey, critical paths, error/empty/loading states, edge cases.
- Design system: Tokens (color/typography/spacing/radius/shadow), component rules, accessibility notes.
- Implementation plan: Exact file-level edits, component breakdown, and acceptance criteria.
3) Use Bundled Assets
This skill bundles data you can cite for inspiration/standards.- Design intelligence data: Read from
skills/ui-ux-pro-max/assets/data/when you need palettes, patterns, or UI/UX heuristics. - Upstream reference: If you need more phrasing/examples, consult
skills/ui-ux-pro-max/references/upstream-skill-content.md.
4) Optional Script (Design System Generator)
If you need to quickly generate tokens and page-specific overrides, use the bundled script:python3 skills/ui-ux-pro-max/scripts/design_system.py --help
Prefer running it when the user wants a structured token output (ASCII-friendly).
Output Standards
- Default to ASCII-only tokens/variables unless the project already uses Unicode.
- Include: spacing scale, type scale, 2-3 font pair options, color tokens, component states.
- Always cover: empty/loading/error, keyboard navigation, focus states, contrast.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制