Back to skill
Skillv1.0.0
ClawScan security
Nextjs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 12:59 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only skill that provides guidance for building Next.js apps and does not request credentials, install software, or instruct the agent to access system files or external services beyond its homepage link.
- Guidance
- This skill appears to be a safe, instruction-only guide for Next.js development. Before installing or using it: (1) confirm you trust the skill publisher/homepage if you plan to follow external links, (2) review any outputs the skill generates before executing code in your environment, and (3) be cautious if a future version adds an install step, required credentials, or filesystem/network instructions — those changes would warrant a fresh review.
Review Dimensions
- Purpose & Capability
- okThe name and description (Next.js app development guidance) match the SKILL.md content, which is a high-level workflow and drafting guidance for developers; there are no unrelated requirements (no binaries, env vars, or config paths).
- Instruction Scope
- okSKILL.md contains only high-level authoring workflow, suggested prompts, SEO notes, and links; it does not instruct the agent to read local files, access credentials, or transmit data to unexpected endpoints.
- Install Mechanism
- okNo install spec and no code files are present (instruction-only), so nothing will be written to disk or fetched at install time.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; nothing in the instructions attempts to access secrets or unrelated services.
- Persistence & Privilege
- okalways is false and there is no installation or persistent configuration; the skill does not request permanent presence or elevated agent privileges.