NodeJS

Avoid common Node.js mistakes — event loop blocking, async error handling, ESM gotchas, and memory leaks.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 4 · 1.8k · 15 current installs · 17 all-time installs

byIván@ivangdavila

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description promise: guidance on Node.js pitfalls. What is present: multiple markdown files covering async, modules, errors, performance, security, streams, packages, testing. Required binary is only 'node'. All requested artifacts map to the stated purpose.

✓

Instruction Scope

SKILL.md and included files are documentation and coding guidance. They do not instruct the agent to read or transmit arbitrary system files, access environment variables, call external endpoints, or run code. The content advises on safe/unsafe APIs but contains no runtime instructions that expand the skill's scope beyond documentation.

✓

Install Mechanism

No install spec and no code files — instruction-only skill. Nothing will be downloaded or written to disk by an installer. This is the lowest-risk install model and is proportionate to a documentation/ref guide.

✓

Credentials

The skill declares no required env vars, no credentials, and only checks for the 'node' binary. The documented security guidance mentions risks (e.g., eval, exec) but does not request secrets or other unrelated credentials. Environment access is minimal and appropriate.

✓

Persistence & Privilege

Skill flags are default (always: false, agent invocation allowed). It does not request persistent privileges or modify other skills. Autonomous invocation is allowed by platform default but the skill contains only static guidance, so there is no elevated privilege or persistence requested by the skill itself.

Assessment

This skill is a set of Node.js best-practice notes and appears coherent and low-risk: it only needs the node binary and contains no installer, credentials, or code to execute. Before installing, consider provenance: the skill has no homepage or author metadata, so you may want to verify the content or prefer a skill from a known publisher if you require strong provenance. If the skill later adds install steps or asks for environment variables/credentials, re-evaluate before granting them.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1

Download zip

latestvk975azcg3ee16b63sx7x3hv8f1815yxw

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💚 Clawdis

OSLinux · macOS · Windows

Binsnode

SKILL.md

Quick Reference

Topic	File
Callbacks, Promises, async/await, event loop	`async.md`
CommonJS vs ESM, require vs import	`modules.md`
Error handling, uncaught exceptions	`errors.md`
Readable, Writable, Transform, backpressure	`streams.md`
Memory leaks, event loop blocking, profiling	`performance.md`
Input validation, dependencies, env vars	`security.md`
Jest, Mocha, mocking, integration tests	`testing.md`
npm, package.json, lockfiles, publishing	`packages.md`

Critical Traps

fs.readFileSync blocks entire server — use fs.promises.readFile
Unhandled rejection crashes Node 15+ — always .catch() or try/catch
process.env values are strings — "3000" not 3000, parseInt needed
JSON.parse throws on invalid — wrap in try/catch
require() cached — same object, mutations visible everywhere
Circular deps return incomplete export — restructure to avoid
Event listeners accumulate — removeListener or once()
async always returns Promise — even for plain return
pipeline() over .pipe() — handles errors and cleanup
No __dirname in ESM — use fileURLToPath(import.meta.url)
Buffer.from(string) — encoding matters, default UTF-8

Files

9 total

Select a file

Select a file to preview.

Comments

Loading comments…