ClawHub

Full-Stack Web Engineer

v1.0.2

Expertise in designing, developing, and modernizing full-stack TypeScript microservices with Vue 3 frontend and robust API-driven architectures.

1· 459·0 current·0 all-time
byKhamalismadie⚡@khamalismadie
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (Full-Stack Web Engineer) align with the provided content: checklists, architecture guidance, and example TypeScript/Vue/Bun snippets. It does not request unrelated binaries, environment variables, or privileged config paths.
Instruction Scope
Runtime instructions are limited to loading internal reference modules and applying checklists. Example code snippets reference common env vars (e.g., process.env.JWT_SECRET, LOG_LEVEL) in illustrative middleware/logger examples, but the SKILL.md does not instruct the agent to read or exfiltrate host secrets or arbitrary files.
Install Mechanism
There is no install spec and no code files that would be downloaded or executed; the skill is instruction-only which is the lowest install risk. The Quick Start example mentions 'clawhub install fswe' but no install artifact or URL is provided in the package metadata.
Credentials
The skill declares no required environment variables or credentials. Example code shows typical environment references (JWT secret, log level, sqlite filename) appropriate to the domain; there are no disproportionate or unrelated credential requests.
Persistence & Privilege
The skill is not configured as always:true and does not request persistent system modifications. Autonomous invocation (disable-model-invocation: false) is the platform default and not by itself concerning for this instruction-only skill.
Assessment
This skill is essentially a curated set of engineering checklists and example code and does not request credentials or install binaries, so its footprint is coherent with its description. Before installing: verify the publisher/owner (source/homepage are unknown), and review the examples for project‑specific changes (e.g., set JWT_SECRET, database connection strings) so you don't accidentally commit secrets into code. Because it's instruction-only, the main risks are human (copying insecure examples into production) and trusting the unknown owner; if you plan to use snippets in production, audit them (especially auth, logging, and any code touching secrets) and ensure secrets are managed by your environment, not embedded in the skill.

Like a lobster shell, security has layers — review code before you run it.

engineeringvk970ztfpv08vnvdx6h1jzh6ht581n6cafullstackvk970ztfpv08vnvdx6h1jzh6ht581n6calatestvk970ztfpv08vnvdx6h1jzh6ht581n6camicroservicesvk970ztfpv08vnvdx6h1jzh6ht581n6catypescriptvk970ztfpv08vnvdx6h1jzh6ht581n6cavuevk970ztfpv08vnvdx6h1jzh6ht581n6ca

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments