ClawHub

NodeJS

v1.0.1

Avoid common Node.js mistakes — event loop blocking, async error handling, ESM gotchas, and memory leaks.

5· 2.5k·25 current·27 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise: guidance on Node.js pitfalls. What is present: multiple markdown files covering async, modules, errors, performance, security, streams, packages, testing. Required binary is only 'node'. All requested artifacts map to the stated purpose.
Instruction Scope
SKILL.md and included files are documentation and coding guidance. They do not instruct the agent to read or transmit arbitrary system files, access environment variables, call external endpoints, or run code. The content advises on safe/unsafe APIs but contains no runtime instructions that expand the skill's scope beyond documentation.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing will be downloaded or written to disk by an installer. This is the lowest-risk install model and is proportionate to a documentation/ref guide.
Credentials
The skill declares no required env vars, no credentials, and only checks for the 'node' binary. The documented security guidance mentions risks (e.g., eval, exec) but does not request secrets or other unrelated credentials. Environment access is minimal and appropriate.
Persistence & Privilege
Skill flags are default (always: false, agent invocation allowed). It does not request persistent privileges or modify other skills. Autonomous invocation is allowed by platform default but the skill contains only static guidance, so there is no elevated privilege or persistence requested by the skill itself.
Assessment
This skill is a set of Node.js best-practice notes and appears coherent and low-risk: it only needs the node binary and contains no installer, credentials, or code to execute. Before installing, consider provenance: the skill has no homepage or author metadata, so you may want to verify the content or prefer a skill from a known publisher if you require strong provenance. If the skill later adds install steps or asks for environment variables/credentials, re-evaluate before granting them.

Like a lobster shell, security has layers — review code before you run it.

latestvk975azcg3ee16b63sx7x3hv8f1815yxw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💚 Clawdis
OSLinux · macOS · Windows
Binsnode

Comments