Back to skill
Skillv2.0.0
ClawScan security
Nextjs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 15, 2026, 8:21 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instruction-only skill that provides high-level guidance for building Next.js 15 apps; it requests no credentials, performs no installs, and is internally consistent with its stated purpose.
- Guidance
- This skill is an instruction-only guide for building Next.js apps and requests no credentials or installs — low intrinsic risk. Two practical cautions: (1) the guidance is high-level and gives the agent broad discretion (it may generate code or commands), so always review generated code and any proposed deployment steps before running them; (2) although the skill itself asks for nothing sensitive, the agent may, depending on your environment, use other platform integrations — keep an eye on any prompts that ask you to supply API keys or run shell commands before providing them.
Review Dimensions
- Purpose & Capability
- okName and description (Next.js developer guidance) align with the SKILL.md content: high-level workflow and prompts for producing Next.js app drafts. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- noteSKILL.md is a high-level, human-facing workflow (clarify audience, produce draft, use SkillBoss capabilities, refine). It does not instruct the agent to read files, access credentials, or call external endpoints beyond platform APIs. The wording 'Use the relevant SkillBoss capabilities' is intentionally open-ended and grants the agent discretion, so you should review any automated outputs before publishing or executing generated code.
- Install Mechanism
- okNo install spec and no code files — lowest-risk instruction-only skill (nothing will be written to disk by the skill itself).
- Credentials
- okRequires no environment variables, credentials, or config paths. No sensitive access requested, which is proportionate to a documentation/workflow skill.
- Persistence & Privilege
- okSkill is not marked always:true and uses default agent invocation. It does not request persistent system changes or modify other skills' configs.