claude-design-ui-framework
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download a pre-built binary package from 'https://github.com/mikesheehan54/Claude-Code-Design-AI/releases/download/Software/ClaudeDesign.zip' and to clone a repository from 'https://github.com/mikesheehan54/Claude-Code-Design-AI.git'. The source repository is owned by an unverified third-party account that does not match the skill's author ('Aradotso').
- [COMMAND_EXECUTION]: Following the download or clone, the documentation guides the user to execute potentially dangerous commands on the external content, including 'unzip', 'npm install', and 'npm run dev'. Running package installation and development scripts on untrusted code can lead to arbitrary code execution within the user's environment.
- [REMOTE_CODE_EXECUTION]: The pattern of fetching external archive/code from an unknown source and immediately performing installation and execution steps represents a high-risk remote code execution vector.
Recommendations
- AI detected serious security threats
Audit Metadata