tailwind-theme-builder

Fail

Audited by Socket on Feb 22, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Credential file access detected

All findings:
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] (×5)

This skill is functionally consistent with its stated purpose and contains normal scaffolding instructions and example configs for Tailwind v4 + shadcn/ui. It does include supply-chain risk patterns: unpinned 'pnpm dlx shadcn@latest' (download-and-execute) and an unconditional 'rm -f tailwind.config.ts' delete instruction. There is no evidence in the provided text of credential harvesting, obfuscated payloads, network exfiltration, or other active malware. Recommend users audit the remote package before running dlx, pin versions, and back up configuration files before deleting.

LLM verification: The provided skill/documentation appears to be legitimate developer guidance for configuring Tailwind v4 with shadcn/ui and dark mode. It does not contain direct malicious code or explicit exfiltration/backdoor behavior. The dominant security concern is supply-chain risk: unpinned dependency installs and use of pnpm dlx (download-and-execute) along with an unconditional rm -f instruction. These raise the security risk to a medium level and warrant mitigation (pin versions, provide provenance and

Confidence: 90%
Severity: 75%

Audit Metadata
Analyzed At: Feb 22, 2026, 10:09 AM
Package URL: pkg:socket/skills-sh/jezweb%2Fclaude-skills%2Ftailwind-theme-builder%2F@84fd57e61993afd9c234bf284414fe70b7bc84aa