spring-boot-engineer

Pass

Audited by ClawScan on May 7, 2026.

Overview

This is an instruction-only Spring Boot development helper with no code or install steps; the main cautions are around handling real secrets and shared project context.

This skill appears safe to install as a Spring Boot advisory/coding persona. Before using it, avoid pasting real production secrets unless necessary, review any generated code or deployment changes before applying them, and be mindful of what project context is shared with context managers or other agents.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user provides real tokens, API keys, or production secrets while using this skill, those secrets may be exposed to the agent session or downstream tools.

Why it was flagged

The skill discusses authentication, API keys, and secrets as Spring application security topics. That is purpose-aligned, but users could be tempted to paste real credentials into the agent context.

Skill content

- OAuth2/JWT ... - API key management ... - Secrets managed

Recommendation

Use placeholders, local test credentials, or narrowly scoped/revocable secrets unless real credentials are strictly necessary.

What this means

The agent may use project requirements or architecture details from shared context, so inaccurate or overly broad context could affect recommendations or expose private project information.

Why it was flagged

The skill expects retrieved or shared project context. This is appropriate for software engineering help, but retrieved context can be sensitive, stale, or incorrect.

Skill content

Query context manager for Spring Boot project requirements and architecture

Recommendation

Keep project context scoped to the task and review generated architecture or code decisions before applying them.

What this means

Project information could be passed to other specialized agents during use, depending on the platform’s orchestration behavior.

Why it was flagged

The skill suggests collaboration with other agents, but no executable mechanism or data-transfer behavior is provided. If the platform supports such collaboration, project details may be shared across agents.

Skill content

Integration with other agents: - Collaborate with java-architect ... - Coordinate with cloud-architect on cloud deployment

Recommendation

Confirm which agents receive project context and avoid sharing sensitive architecture, credentials, or production details unnecessarily.