Web Architecture

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a text-only web-development playbook with no executable code, but it does ask agents to run project commands and potentially use long-running sub-agents.

Install only if you want an agent to coordinate substantial code changes in a TypeScript/Next.js/Convex project. Use it in a dedicated repo, review each phase, keep provider keys in scoped environment variables, pin dependencies, and override the HustleStack-specific requirements with your own project brief.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A build or delegated task could run longer than expected and consume time, credits, or compute until manually stopped or completed.

Why it was flagged

The skill openly instructs long-running sub-agent execution; this is aligned with its orchestration purpose, but users should notice the lack of a hard runtime bound.

Skill content

Sub-agents MUST run without timeout limits.

Recommendation

Use clear checkpoints, review each phase before continuing, and apply your own budget or cancellation limits if your agent runner supports them.

What this means

The agent may start development tooling, generate files, or modify project state as part of the build workflow.

Why it was flagged

The instructions include local CLI commands. These are expected for bootstrapping and verifying a Convex/Next.js project, but they will execute in the user's development environment.

Skill content

Initialize Convex: `npx convex dev --once` ... Run `npx convex dev` ... Verify: `bun run build` passes

Recommendation

Run the skill only inside the intended project workspace and review generated or modified files before committing or deploying.

What this means

If you supply real provider keys, generated application code may gain access to billing, email, auth, or analytics services.

Why it was flagged

The technical requirements include examples for provider secrets and billing/webhook integrations. This is expected for a full-stack app spec, and there is no evidence of secret logging or unrelated transmission.

Skill content

const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!); ... process.env.STRIPE_WEBHOOK_SECRET!

Recommendation

Use environment variables, least-privilege test keys where possible, and review provider scopes before using production credentials.

What this means

The agent may apply product-specific defaults, branding, integrations, or requirements that do not match your project.

Why it was flagged

A supporting document is product-specific even though the skill is described as a general web architecture workflow; this could bias generated work toward HustleStack assumptions if the user does not override it.

Skill content

# HustleStack - Technical Requirements

> Comprehensive technical specification for the HustleStack career development platform.

Recommendation

Treat the HustleStack document as an example or template and explicitly provide your own project requirements before using the workflow.

What this means

Future installs may resolve to different package versions than originally intended.

Why it was flagged

The requirements favor latest-version dependencies. That is common for a modern app template, but unpinned versions can change behavior over time.

Skill content

| **Convex** | latest | ... | **Clerk** | latest | ... | **Stripe** | latest |

Recommendation

Pin dependency versions and commit a lockfile for real projects.