ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Micro-Frontend Architecture

v1.0.0

Micro-frontend architecture design and implementation guide. Use when: designing micro-frontend architecture, choosing between Module Federation/qiankun/sing...

0· 54·0 current·0 all-time
byHjs102468@goldath
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The files and SKILL.md describe micro-frontend design, framework choices, communication, style isolation, and deployment. All content matches the skill name and description.
!
Instruction Scope
The SKILL.md and reference files include concrete runtime steps that assume executing network/deployment commands and runtime loading of remote JS (e.g., aws s3 sync, curl to https://api.example.com/manifest, fetch('/api/mfe-manifest'), dynamic remoteEntry.js loading). The skill does not declare or restrict these actions; instructions could cause an agent to run CLI/network actions or load and execute third‑party code.
Install Mechanism
This is instruction-only with no install spec and no code files to execute by default, which minimizes install-time risk.
!
Credentials
The deployment examples require tooling and credentials (AWS CLI for s3 sync, network access, likely API auth to update manifest) but the skill declares no required env vars or binaries. That mismatch means an agent following these instructions may attempt to use credentials or tools that haven't been requested or scoped.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent presence or modify other skills' configs.
What to consider before installing
This guide is useful for micro-frontends, but note the deployment examples assume running CLI/network commands and loading remote JS. Before installing or letting an agent use this skill, confirm: (1) whether the agent will execute shell commands (aws, curl) and if so, supply only scoped credentials; (2) what network access is allowed — dynamic remoteEntry.js loading executes third-party code and should only point to trusted CDNs/manifests; (3) add explicit required binaries/credentials to the skill metadata or refuse to run deployment steps if those are absent. If you don't want the agent to perform deployments or run commands, restrict the skill to read-only architectural guidance.

Like a lobster shell, security has layers — review code before you run it.

latestvk972n14777r9vwg6st3jxeht6h84e7cg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments