Complete Tailwind CSS documentation. Use when working with Tailwind CSS utility classes, responsive design, dark mode, animations, custom configurations, plugins, or styling questions. Covers all utility classes, modifiers, configuration options, and best practices.
Security Analysis
medium confidenceThe skill is mostly a coherent, local copy of Tailwind documentation (no creds, no install), but a prompt-injection pattern was detected inside SKILL.md which warrants manual inspection before installing.
The name/description (Tailwind CSS documentation) match the packaged contents: many .mdx reference files and a README describing documentation extracted from tailwindlabs/tailwindcss.com. The skill declares no binaries, env vars, or config paths — consistent with a read-only documentation skill. A single small utility source file (references/utils/colors.ts) is present and appropriate for docs rendering.
SKILL.md tells the agent to read files under references/ to answer Tailwind questions, which is within scope for a documentation skill. However the static pre-scan flagged a 'base64-block' pattern in SKILL.md (prompt-injection pattern). That is unexpected for a pure doc skill and should be reviewed: look for embedded base64/data-uris or obfuscated text in SKILL.md or truncation/hidden instructions that might try to influence the agent.
No install spec is present (instruction-only behaviour). Nothing is downloaded or written during install, minimizing install-time risk. The large file set is bundled with the skill, so no remote fetches are required.
The skill requires no environment variables, credentials, or config paths. This is proportionate for a documentation/reference skill.
Flags are default (always: false, user-invocable: true). The skill does not request persistent privileges or system-wide configuration changes and does not claim to write other skills’ configs.
Guidance
This skill appears to be a straightforward local copy of Tailwind CSS documentation and does not ask for credentials or install remote code, which is good. However, the SKILL.md triggered a 'base64-block' prompt-injection heuristic — you should manually inspect the full SKILL.md (and any large/truncated files) before installing. Look for embedded base64/data-URIs or long encoded strings and any instructions that go beyond 'read from references/'. Verify the source (owner ID is unknown), confirm license/attribution if that matters, and if you're unsure run the skill in an isolated/test agent or review the code files (references/utils/colors.ts) for dynamic eval/exec patterns. If SKILL.md simply contains data URIs or benign examples, the risk is low; if it contains encoded prompts or hidden instructions, do not install.
Latest Release
v0.1.0
- Initial release of the Tailwind CSS skill, providing complete documentation and coverage for all utility classes, responsive design, configuration, plugins, and best practices. - Documentation is organized into modular `.mdx` files by topic, accessible via a clear structure and quick reference table. - Supports key topics: setup, utility classes, customization, dark mode, plugins, advanced features, and common styling tasks. - Includes guidance on how to navigate and leverage the embedded documentation for various Tailwind CSS questions.
More by @leonaaardob
Published by @leonaaardob on ClawHub
