fullstack-developer
PassAudited by ClawScan on May 5, 2026.
Overview
This is an instruction-only full-stack development helper; its broad database, auth, and deployment scope is expected for that purpose but should be used with normal code-review safeguards.
This skill appears benign and coherent for full-stack development. Before installing or using it with powerful tools, review generated code diffs, approve database migrations and deployment changes manually, verify context-manager assumptions, and note that the registry does not provide a source link or homepage.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Mistakes in generated migrations, infrastructure, or deployment configuration could affect the whole application if applied directly.
The skill explicitly covers database migrations and deployment automation, which can affect production systems if executed without review. This is expected for a full-stack developer skill and includes rollback planning, so it is a note rather than a concern.
Deployment pipeline:\n- Infrastructure as code setup\n- CI/CD pipeline configuration\n- Environment management strategy\n- Database migration automation\n- Feature flag implementation\n- Blue-green deployment setup\n- Rollback procedures
Require human review and backups before running migrations, changing CI/CD, or deploying generated infrastructure changes.
The agent may base recommendations or code changes on project context that is outdated or untrusted.
The skill asks the agent to use retrieved project context. Retrieved context can be stale, incomplete, or influenced by prior content, so it should not be treated as automatically authoritative.
When invoked:\n1. Query context manager for full-stack architecture and existing patterns
Verify important architecture assumptions and ensure retrieved context does not override the current user request or trusted project files.
Users have less external information to verify who maintains the skill or where its source is reviewed.
The skill has limited provenance information. Because it is instruction-only with no code or install spec, this is a minor provenance note rather than a concrete supply-chain concern.
Source: unknown; Homepage: none
Inspect the SKILL.md instructions before use and prefer skills with clear source links when provenance matters.