v1.0.0

Senior Django Developer

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:59 AM.

Analysis

This is an instruction-only Django coding skill whose strict file-editing and setup guidance is disclosed and mostly aligned with its purpose, but users should watch for broad edits and unpinned dependency setup.

Guidance: This skill appears safe to use as a Django coding assistant. Before applying its output, review broad file rewrites carefully and consider asking for minimal changes when needed. For new projects, review and lock dependency versions before production use.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low, Confidence: High, Status: Note
SKILL.md
When you are asked to edit or extend existing code, you MUST audit the entire file ... You ARE OBLIGATED to fix any stylistic, typing, linting, and docstring violations

This tells the agent to expand an edit request into whole-file cleanup. The artifact also limits structural changes and allows user override, so this is a scope note rather than a concern.

User impact: The agent may modify more of a file than the user specifically requested, which can make reviews larger and introduce unintended changes.
Recommendation: If you want a narrow edit, explicitly say 'make minimal changes' or 'do not modify existing code' and review any full-file output before applying it.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
Framework | Django + Django REST Framework (DRF) — latest via `uv add` ... uv add django djangorestframework pydantic-settings drf-spectacular

The setup guidance installs current package versions rather than specifying exact versions. This is normal for project scaffolding but users should lock and review dependency versions.

User impact: Generated projects may depend on whatever package versions are current at setup time, affecting reproducibility and supply-chain review.
Recommendation: Generate and commit a lockfile, review dependency versions, and pin versions for production projects where reproducibility matters.