ClawHub

New App

v1.0.0

Use when creating a new internal application from scratch, standardizing a 0-to-1 app build workflow, or helping teammates bootstrap a Next.js/FastAPI/Keyclo...

0· 72·0 current·0 all-time
by橙子瓣@lyc-chengzi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description and SKILL.md all describe a documentation‑first internal app bootstrap workflow (Next.js/FastAPI/Keycloak/Postgres style). There are no unexpected environment variables, binaries, or config paths requested that would be disproportionate to that purpose.
Instruction Scope
The runtime instructions are repository- and process-focused: requirements discovery, docs updates, templates under templates/, and standard delivery checklists. They do not instruct the agent to read unrelated system files, access network endpoints, exfiltrate data, or prompt for unrelated credentials. The skill does instruct the agent to read repository docs (docs/) and provided templates, which is appropriate for this purpose.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is downloaded or written to disk by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths. The content explicitly warns against hardcoding secrets and focuses on documenting runtime configuration, which is proportionate.
Persistence & Privilege
always is false and there is no request to modify other skills or system-wide agent settings. disable-model-invocation is false (agent may invoke it autonomously), which is the platform default and acceptable for a user-invocable, workflow-oriented skill.
Assessment
This skill is instruction-only and appears coherent with its stated purpose. Before installing: (1) confirm you trust the skill author and repository contents; (2) review the templates/docs in the repo to ensure they contain no sensitive data or organization-specific secrets; (3) avoid providing any credentials to the skill and do not rely on it to perform automated network operations unless you verify such behaviors; (4) treat any generated implementation suggestions or code as draft — review and lint/test before merging; (5) if you do not want the agent to call this skill autonomously, disable autonomous invocation in your agent configuration or only invoke it manually.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a6gwsrqk590wmztfwsw44cd83jhg7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments