Project Scaffold
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent project-scaffolding skill with purpose-aligned local setup commands; users should review package-manager commands before running them.
This skill appears safe and purpose-aligned for creating new project boilerplate. Before using it, choose a target directory, review the generated files, and consider pinning package versions instead of relying on `latest` for important projects.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the example may fetch and run current tooling from an external package registry.
The scaffold uses an external package-manager command with `@latest`, so the generated code and executed tooling may vary over time. This is normal for project scaffolding but worth noticing.
npx create-next-app@latest my-app --typescript --tailwind --eslint --app --src-dir
Use trusted package registries and consider pinning versions when reproducibility or stricter supply-chain control matters.
If run in the wrong directory, the git commands could stage or commit files the user did not intend to include.
The checklist includes local git mutation commands. They are aligned with creating a new project, but should be run from the intended scaffold directory.
git init && git add -A && git commit -m "Initial scaffold"
Confirm the target directory before running scaffold and git commands, and review generated files before committing.