Skip to content
← Registry
Trust Report

shadcn-ui

Use when building UI with shadcn/ui components, Tailwind CSS layouts, form patterns with react-hook-form and zod, theming, dark mode, sidebar layouts, mobile navigation, or any shadcn component question.

91
SUSPICIOUS
Format: openclawScanner: v0.7.1Duration: 41msScanned: 4d ago · Apr 4, 6:34 PMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 91AgentVerus SUSPICIOUS 91AgentVerus SUSPICIOUS 91
[![AgentVerus](https://agentverus.ai/api/v1/skill/f6a2fc91-f4d0-45a2-88a2-6d6e2f4d8967/badge)](https://agentverus.ai/skill/f6a2fc91-f4d0-45a2-88a2-6d6e2f4d8967)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/f6a2fc91-f4d0-45a2-88a2-6d6e2f4d8967/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"f6a2fc91-f4d0-45a2-88a2-6d6e2f4d8967","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/f6a2fc91-f4d0-45a2-88a2-6d6e2f4d8967/trust

Category Scores

78
Permissions
100
Injection
100
Dependencies
70
Behavioral
95
Content
100
Code Safety

Findings (5)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: Shell

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred package bootstrap is not declared-10

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx shadcn@latest

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highPackage bootstrap execution detected-15

Found package bootstrap execution pattern: "npx shadcn@latest" Merged overlapping signals from the repeated finding family: - Package bootstrap execution detected

npx shadcn@latest init

Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04
infoSafety boundaries defined

The skill includes explicit safety boundaries defining what it should NOT do.

Safety boundary patterns detected in content

Keep these safety boundaries. They improve trust.

contentASST-09
infoOutput constraints defined

The skill includes output format constraints (length limits, format specifications).

Output constraint patterns detected

Keep these output constraints.

contentASST-09