Back to skill
Skillv2.0.0
ClawScan security
Nextjs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 16, 2026, 2:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only developer assistant for Next.js that is internally consistent with its stated purpose and does not request credentials, install code, or access system files.
- Guidance
- This skill appears low-risk and coherent for generating Next.js code and guidance. Because it is instruction-only and the source is listed as unknown, you should: (1) review any generated code before running it in production, (2) avoid pasting secrets into prompts, and (3) confirm you trust the SkillBoss homepage/source if you plan to rely on platform-specific integrations. No special credentials or installs are required, so the main risk is that auto-generated code may contain bugs or insecure patterns — always review and test.
Review Dimensions
- Purpose & Capability
- okName, description, and workflow all describe a Next.js developer assistant; there are no unrelated environment variables, binaries, or install steps requested.
- Instruction Scope
- okSKILL.md contains high-level guidance for producing Next.js drafts and using platform capabilities (chat, ui_generation). It does not instruct reading files, secrets, or contacting external endpoints beyond the platform.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing is written to disk or downloaded by the skill itself.
- Credentials
- okNo required environment variables, credentials, or config paths are declared; requested capabilities are proportional to a content/code-generation assistant.
- Persistence & Privilege
- okalways is false and model invocation is allowed (platform default). The skill does not request persistent presence or modify other skills or system settings.