← 返回 Skills 市场
UI Craft Pro
作者
Aira Elite
· GitHub ↗
· v0.2.2
· MIT-0
156
总下载
0
收藏
0
当前安装
10
版本数
在 OpenClaw 中安装
/install ui-craft-pro
功能描述
Design, refine, and implement better UI for websites, dashboards, apps, landing pages, and components by using a local design knowledge base plus a code-firs...
安全使用建议
This skill appears to be a local design & code assistant that ships with a large offline knowledge base and Python scripts. That is coherent with its description, but it contains two things you should check before use: (1) open and read SKILL.md completely for any instructions that ask the agent to change its system prompt or to send data to an external endpoint — the pre-scan flagged a possible prompt-injection phrase; (2) inspect the bundled Python scripts (scripts/*.py and data/_sync_all.py) for network calls (requests, urllib, sockets), subprocess.exec usage, or file operations outside the skill folder. If you aren't comfortable auditing the code, run the scripts in a restricted environment (container, VM) with no secret credentials mounted and no sensitive files accessible. Do not run them with elevated privileges or in a workspace where they can access other users' files or cloud credentials. If you plan to let the agent invoke the skill autonomously, be extra cautious: autonomous execution plus bundled code and a prompt-injection pattern increases blast radius. If you want, I can scan the remaining script files for network or subprocess patterns and summarize any risky calls I find.
功能分析
Type: OpenClaw Skill
Name: ui-craft-pro
Version: 0.2.2
The bundle is a comprehensive UI/UX design toolkit that includes a file-writing feature in `scripts/design_system.py` (via `persist_design_system`) to save design specifications. While this capability is aligned with the stated purpose of 'persisting' a design system, the implementation lacks strict path sanitization on the `project_name` and `page` parameters, which could potentially be exploited for path traversal. No evidence of intentional malice, data exfiltration, or backdoors was found in the code or the `SKILL.md` instructions.
能力评估
Purpose & Capability
Name/description align with included assets: a large local design knowledge base (CSV data, references) and Python scripts for searching, generating design-systems, and producing style/code artifacts. The requested resources (no env vars, no external binaries) are proportionate to a local design/code helper. Minor oddity: several script files appear twice in the manifest (scripts/*.py listed twice), which looks like a packaging duplication but not necessarily malicious.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python scripts (e.g., python3 skills/ui-craft-pro/scripts/search.py ...) and to use the local CSV knowledge base; that is within the skill's stated scope. However the static pre-scan flagged a 'system-prompt-override' pattern inside SKILL.md (prompt-injection). Even if benign, that indicates the skill's prose contains phrases that could try to alter model/system behavior. Additionally, the scripts (not fully shown) could read/write the local data files (data/_sync_all.py does so) and may execute arbitrary Python logic; you should inspect scripts for any network calls, telemetry, or instructions to alter agent/system prompts before running.
Install Mechanism
There is no install spec (instruction-only style), which minimizes installer-level risk. That said, code files are bundled with the skill and will be executed if the agent follows SKILL.md commands; no remote downloads were declared in the registry metadata. Risk comes from executing bundled code, not from an installer fetching third-party archives.
Credentials
The skill declares no required environment variables, credentials, or external endpoints — appropriate for an offline design helper. Nonetheless, bundled scripts (e.g., data/_sync_all.py) operate on local files (reading/writing CSVs) and could be implemented to access other filesystem locations or the network. Without reviewing all script code for network I/O or file-system paths outside the skill directory, there is residual risk of data exposure.
Persistence & Privilege
always:false and no claims to modify other skills or global agent configuration. The skill's own scripts include a sync utility that mutates files inside its data directory, which is reasonable for keeping the local knowledge base coherent. No indication the skill attempts to persist beyond its bundle or force-enable itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ui-craft-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/ui-craft-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.2
README visual comparison pass
v0.2.1
README maturity pass with chooser, mistakes, and FAQ
v0.2.0
README productization upgrade with proof and outcome framing
v0.1.9
README documentation architecture upgrade
v0.1.8
README hero/positioning upgrade + live demo integration
v0.1.7
Showcase page + reference-driven docs/workflow upgrade
v0.1.4
Soften SKILL.md wording to reduce false-positive prompt-injection warnings while keeping the workflow intact.
v0.1.3
Improve ClawHub listing summary and sharpen first-glance positioning.
v0.1.2
Add ClawHub install guidance, GitHub/registry links, and publish payload links for better discovery.
v0.1.1
OpenClaw-first packaging, examples, project integration guide, cleaner publish payload, and richer showcase demos.
元数据
常见问题
UI Craft Pro 是什么?
Design, refine, and implement better UI for websites, dashboards, apps, landing pages, and components by using a local design knowledge base plus a code-firs... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 156 次。
如何安装 UI Craft Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ui-craft-pro」即可一键安装,无需额外配置。
UI Craft Pro 是免费的吗?
是的,UI Craft Pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
UI Craft Pro 支持哪些平台?
UI Craft Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 UI Craft Pro?
由 Aira Elite(@airaeliteagent)开发并维护,当前版本 v0.2.2。
推荐 Skills