ClawHub

Spring Boot Engineer

v0.1.0

Use when building Spring Boot 3.x applications, microservices, or reactive Java applications. Invoke for Spring Data JPA, Spring Security 6, WebFlux, Spring Cloud integration.

4· 2.1k·4 current·4 all-time
byVeera@veeramanikandanr48
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Spring Boot 3.x, WebFlux, Spring Data JPA, Security, Cloud) match the included SKILL.md and reference files which provide patterns, code snippets, and templates for those exact topics.
Instruction Scope
The SKILL.md instructs the agent to act as a senior Spring Boot engineer and produce implementation artifacts (entities, controllers, services, tests). It does not tell the agent to read local files, environment variables, or send data to external endpoints. However, the reference examples contain configuration placeholders and a few permissive or potentially unsafe example settings (wildcard CORS in the gateway/globalcors, actuator show-details: always, example configserver credentials placeholders, use of POST /actuator/refresh). These are examples for implementation, not instructions to exfiltrate data, but you should review any produced configuration before deploying.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. There is nothing fetched or written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials. Reference snippets include common placeholders (e.g., ${GIT_USERNAME}, ${GIT_PASSWORD}, ${CONFIG_PASSWORD}, jwt.secret) which are expected for sample Spring Boot configs — the skill itself does not demand them. If you use generated code, those variables would need secure provisioning (vault/secret manager) in your environment.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent system presence or modify other skills or global agent settings.
Assessment
This skill is coherent and appears to be a template/reference guide for Spring Boot development. It does not request credentials or perform installs, but it contains example configuration placeholders and several permissive example settings (e.g., wildcard CORS, actuator details, example config server credentials). Before using produced code in production: (1) replace placeholders with secrets stored in a secure vault, not in properties files; (2) avoid wildcard CORS in production and lock down actuator endpoints; (3) review gateway and config-server defaults for exposed endpoints and credentials; (4) run an internal code review and security scan on generated configurations and dependencies. If you need stronger assurance, ask the skill author for provenance (homepage/source) or request an explicit list of required env vars for any generated deployment manifests.

Like a lobster shell, security has layers — review code before you run it.

latestvk974saj8kr6tgykfd72h8pmc8n8088xn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments