Back to skill
Skillv1.0.5
ClawScan security
Alvis Next.js Framework · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 5:35 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only Next.js developer workflow skill whose requested footprint matches its stated purpose and does not ask for credentials or install software.
- Guidance
- This skill is an instruction-only Next.js helper and appears internally consistent. Before installing or invoking it: 1) Verify the SkillBoss homepage and the external 'complete setup guide' link to ensure they are from a trusted source; 2) Be cautious about following any external setup steps that ask you to run shell commands or install third-party packages—review those commands first; 3) Do not paste secrets or private keys into prompts when using the skill; 4) Review generated code before running in production. If you need higher assurance, ask the publisher for provenance (source repo or changelog) or request an installable package from a verifiable release host.
Review Dimensions
- Purpose & Capability
- okThe skill's name and description (Next.js developer workflow and scaffolding advice) match the SKILL.md content. It does not request unrelated credentials, binaries, or config paths.
- Instruction Scope
- noteSKILL.md contains only high-level guidance and workflow steps for producing Next.js outputs. It does not instruct the agent to read local files, access environment variables, or call external endpoints beyond SkillBoss capabilities. Note: the guide links to an external 'complete setup guide' URL — following external links may introduce additional risk depending on what that external page instructs.
- Install Mechanism
- okNo install spec and no code files are present. As an instruction-only skill it does not write to disk or pull external packages.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. There is no disproportionate request for secrets or unrelated access.
- Persistence & Privilege
- okThe skill is not always-enabled and uses normal agent invocation settings. It does not request persistent system-wide privileges or modify other skills' configurations.