ClawHub

Senior Frontend

v1.0.0

Build, optimize, and review React and Next.js applications with TypeScript and Tailwind CSS. Use when scaffolding a frontend project, generating components,...

0· 68·0 current·0 all-time
by@felix-antonio-sl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (React/Next.js scaffolding, components, bundle analysis) matches the included Python scripts and reference docs. The provided scripts implement scaffolding, component generation, and bundle analysis; required binaries/env are none, which is consistent because scripts run with the local Python runtime.
Instruction Scope
SKILL.md limits actions to loading local reference files and running the shipped scripts in scripts/. The scripts read project files (package.json, next.config.*, src/app/pages) and, for scaffolding/generation, write files into the target directory. Reading/writing the project filesystem is expected for this purpose, but be aware the scaffolder and generator create files on disk (there is a dry-run option in component_generator).
Install Mechanism
No install spec or external downloads are present; the skill is instruction + bundled Python scripts. This is low risk compared with skills that download or extract remote archives.
Credentials
The skill declares no environment variables or credentials. The scripts access only repository/project files (package.json, JS/TS sources, next.config.*), which is proportional to bundle analysis and scaffolding tasks. No unrelated secrets or system config paths are requested.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It will run scripts when invoked and can create files in the workspace (normal for a scaffolder). Autonomous invocation is allowed by default but is not combined with other concerning flags.
Assessment
This skill appears coherent for building and optimizing frontends. Before running: 1) Review the bundled Python scripts yourself (they are included) and run component_generator.py with --dry-run first to see intended outputs. 2) Run scripts inside the correct project folder (they read package.json and source files) to avoid accidental modifications to other repos — the scaffolder and generator will create files. 3) Note the 'auth' and 'api' feature options add dependencies like next-auth/@tanstack/react-query and create files such as middleware.ts; enable those only if you expect frontend auth/client API scaffolding. 4) Ensure you have Python 3.8+ available. If you need higher assurance, run the scripts in an isolated environment or review the generated artifacts before committing.
scripts/frontend_scaffolder.py:380
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk97awxt4zwxvemzqnesmczymqh83zkpk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments