Senior Frontend

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to be a legitimate frontend development helper, but users should review its local file-generation and npm-install steps before running them.

This skill looks coherent for frontend development. Before installing or using it, review the Python scripts, run generators with dry-run options first, use version control, and inspect the generated package.json before running npm install.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the helper scripts will execute code on the user's machine and may create or modify project files.

Why it was flagged

The skill expects users or agents to run local Python helper scripts. This is central to the stated scaffolding purpose, but it is still local code execution.

Skill content

python scripts/frontend_scaffolder.py my-app --template nextjs

Recommendation

Run the scripts only from a trusted checkout, prefer `--dry-run` first, and review target paths before allowing file writes.

What this means

Incorrect arguments could create files in the wrong directory or overwrite generated component files.

Why it was flagged

The component generator writes files to paths derived from command-line arguments. This is expected for a generator, but path selection matters.

Skill content

component_dir.mkdir(parents=True, exist_ok=True) ... main_file.write_text(content)

Recommendation

Confirm component names and output directories, use dry-run mode when available, and keep backups or version control enabled.

What this means

npm installation may download third-party code and run package lifecycle scripts in the generated project.

Why it was flagged

The generated project workflow asks the user to install npm dependencies. This is normal for frontend scaffolding, but it introduces third-party package supply-chain trust.

Skill content

cd my-app && npm install

Recommendation

Inspect the generated package.json, use a lockfile, and run normal dependency audit or sandboxing practices before installing.