Rapid Prototyper
v1.0.0Ultra-fast proof-of-concept and MVP development. Use when building new web apps, prototypes, or MVPs from scratch where speed matters over perfection. Specia...
⭐ 0· 271·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (rapid prototyping / MVPs) matches the content: scaffold commands, stack choices, boilerplate patterns and deployment guidance for Next.js + Supabase + Clerk + Prisma. Required tools and libraries shown in the docs are appropriate for the stated purpose and nothing outside that domain (e.g., unrelated cloud providers or admin credentials) is requested.
Instruction Scope
The SKILL.md and references instruct the agent/developer to scaffold a full-stack app, add auth, analytics and a feedback widget that sends feedback plus the current URL (window.location.href) to the app backend. That is expected for a prototyping workflow, but it does introduce potential privacy/data-collection concerns (the feedback widget will capture URLs and any user-entered content). The instructions do not tell the agent to read local system files or fetch credentials from the environment automatically, so runtime scope is limited to developer actions.
Install Mechanism
This is an instruction-only skill with no install spec and no code files that execute on the agent. No downloads, third-party install URLs, or archive extraction are used by the skill itself — lowest install risk.
Credentials
The registry metadata lists no required env vars, but references/stack-setup.md clearly documents environment variables and secret keys you must provide to run the apps (DATABASE_URL, CLERK_SECRET_KEY, NEXT_PUBLIC_SUPABASE_ANON_KEY, etc.). Those env vars are appropriate for the described stack, but the metadata omission reduces transparency. The skill expects working with secrets (DB connection, auth keys, analytics), which are proportional to building and deploying a web app but should be handled carefully (do not commit them to source).
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills' configurations. It is user-invocable and can be invoked autonomously (platform default) but that is expected for instruction-only developer skills.
Assessment
This skill is coherent for fast web-app prototypes, but review the following before using: 1) You will need to create and store secrets (DATABASE_URL, CLERK_SECRET_KEY, Supabase keys). Keep them out of source control and use your deployment provider's secret store. 2) The recommended feedback widget posts the current URL and free-form text to your backend — consider privacy and sanitize/store feedback appropriately to avoid leaking PII. 3) The docs encourage adding analytics (Vercel Analytics or PostHog) early — decide whether you want third-party telemetry before shipping. 4) The registry metadata does not declare the env vars the templates expect; treat that as a transparency gap and ensure you supply and protect required keys locally or in your deploy settings. If you want, I can point out specific lines to change to reduce data exposure (e.g., remove window.location.href from feedback payload) or produce a checklist for safe deployment (env handling, CORS, rate limiting, input sanitization).Like a lobster shell, security has layers — review code before you run it.
latestvk970kjx0faw4q24pqce9vz87n182k47g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.