shadcn/ui

The skill 'shadcn/ui' was thoroughly analyzed across all provided files: README.md, SKILL.md, _meta.json, and various docs/*/meta.json files. The analysis focused on detecting prompt injection, data exfiltration, obfuscation, unverifiable dependencies, privilege escalation, persistence mechanisms, metadata poisoning, indirect prompt injection, and time-delayed/conditional attacks.

1. No Executable Code: The most significant finding is the complete absence of executable scripts (e.g., .sh, .py, .js) within the skill package. The skill is purely a collection of static documentation in Markdown and JSON formats.
2. No Runtime Dependencies: The skill does not include any commands or mechanisms to install or execute external dependencies at runtime. The clawhub install commands mentioned in README.md are for installing the skill itself into the OpenClaw environment, not for runtime operations within the skill.
3. Trusted External Sources: All external URLs referenced (e.g., https://ui.shadcn.com, https://github.com/shadcn-ui/ui, https://github.com/openclaw/skills) are associated with well-known, trusted organizations (shadcn/ui, OpenClaw). These are purely informational references or links to the skill's origin, not sources for downloading or executing unverified code.
4. No Obfuscation: No patterns indicative of Base64 encoding, zero-width characters, Unicode homoglyphs, URL/hex encoding, or HTML entities were found in any of the text content or metadata.
5. No Prompt Injection: A thorough scan for prompt injection patterns (e.g., 'IMPORTANT: Ignore', 'You are now DAN') yielded no results in any of the documentation or metadata.
6. No Data Exfiltration: Without executable code, there is no mechanism for the skill to access sensitive file paths (like ~/.aws/credentials or ~/.ssh/id_rsa) or perform network operations to exfiltrate data.
7. No Privilege Escalation or Persistence: These threat categories require the ability to execute commands or modify system configurations, which is not possible with a purely static documentation skill.
8. No Metadata Poisoning: All metadata fields (name, description, author, tags, homepage, repository, documentation) are benign and accurately reflect the skill's purpose.
9. Indirect Prompt Injection: While any text-based skill could theoretically contain instructions that an LLM might misinterpret, this skill's content is derived from official shadcn/ui documentation, a reputable source. The risk of malicious indirect prompt injection from such a source is considered negligible for the purpose of this security analysis.

In conclusion, the skill is a static documentation package with no inherent security vulnerabilities. Its design as a 'no-code' skill significantly reduces its attack surface.