fullstack-developer
PassAudited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill Name: ah-fullstack-developer Version: 1.0.0 The skill bundle defines a standard 'fullstack-developer' persona for an AI agent. The SKILL.md file contains comprehensive instructions and checklists for end-to-end software development, covering architecture, authentication, testing, and deployment. There are no indicators of malicious intent, data exfiltration, or harmful prompt injection; the content is entirely focused on legitimate software engineering practices.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Mistakes in generated migrations, infrastructure, or deployment configuration could affect the whole application if applied directly.
The skill explicitly covers database migrations and deployment automation, which can affect production systems if executed without review. This is expected for a full-stack developer skill and includes rollback planning, so it is a note rather than a concern.
Deployment pipeline:\n- Infrastructure as code setup\n- CI/CD pipeline configuration\n- Environment management strategy\n- Database migration automation\n- Feature flag implementation\n- Blue-green deployment setup\n- Rollback procedures
Require human review and backups before running migrations, changing CI/CD, or deploying generated infrastructure changes.
The agent may base recommendations or code changes on project context that is outdated or untrusted.
The skill asks the agent to use retrieved project context. Retrieved context can be stale, incomplete, or influenced by prior content, so it should not be treated as automatically authoritative.
When invoked:\n1. Query context manager for full-stack architecture and existing patterns
Verify important architecture assumptions and ensure retrieved context does not override the current user request or trusted project files.
Users have less external information to verify who maintains the skill or where its source is reviewed.
The skill has limited provenance information. Because it is instruction-only with no code or install spec, this is a minor provenance note rather than a concrete supply-chain concern.
Source: unknown; Homepage: none
Inspect the SKILL.md instructions before use and prefer skills with clear source links when provenance matters.