Rapid Prototyper
Ultra-fast proof-of-concept and MVP development. Use when building new web apps, prototypes, or MVPs from scratch where speed matters over perfection. Specia...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 142 · 1 current installs · 1 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (rapid prototyping / MVPs) matches the content: scaffold commands, stack choices, boilerplate patterns and deployment guidance for Next.js + Supabase + Clerk + Prisma. Required tools and libraries shown in the docs are appropriate for the stated purpose and nothing outside that domain (e.g., unrelated cloud providers or admin credentials) is requested.
Instruction Scope
The SKILL.md and references instruct the agent/developer to scaffold a full-stack app, add auth, analytics and a feedback widget that sends feedback plus the current URL (window.location.href) to the app backend. That is expected for a prototyping workflow, but it does introduce potential privacy/data-collection concerns (the feedback widget will capture URLs and any user-entered content). The instructions do not tell the agent to read local system files or fetch credentials from the environment automatically, so runtime scope is limited to developer actions.
Install Mechanism
This is an instruction-only skill with no install spec and no code files that execute on the agent. No downloads, third-party install URLs, or archive extraction are used by the skill itself — lowest install risk.
Credentials
The registry metadata lists no required env vars, but references/stack-setup.md clearly documents environment variables and secret keys you must provide to run the apps (DATABASE_URL, CLERK_SECRET_KEY, NEXT_PUBLIC_SUPABASE_ANON_KEY, etc.). Those env vars are appropriate for the described stack, but the metadata omission reduces transparency. The skill expects working with secrets (DB connection, auth keys, analytics), which are proportional to building and deploying a web app but should be handled carefully (do not commit them to source).
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills' configurations. It is user-invocable and can be invoked autonomously (platform default) but that is expected for instruction-only developer skills.
Assessment
This skill is coherent for fast web-app prototypes, but review the following before using: 1) You will need to create and store secrets (DATABASE_URL, CLERK_SECRET_KEY, Supabase keys). Keep them out of source control and use your deployment provider's secret store. 2) The recommended feedback widget posts the current URL and free-form text to your backend — consider privacy and sanitize/store feedback appropriately to avoid leaking PII. 3) The docs encourage adding analytics (Vercel Analytics or PostHog) early — decide whether you want third-party telemetry before shipping. 4) The registry metadata does not declare the env vars the templates expect; treat that as a transparency gap and ensure you supply and protect required keys locally or in your deploy settings. If you want, I can point out specific lines to change to reduce data exposure (e.g., remove window.location.href from feedback payload) or produce a checklist for safe deployment (env handling, CORS, rate limiting, input sanitization).Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Rapid Prototyper
Build working MVPs in days, not weeks. Speed-first. No over-engineering.
Mindset
- Ship working code over elegant architecture
- Use pre-built components and BaaS over custom infra
- Validate the idea first — optimize later
- Include analytics and feedback hooks from day one
The Stack
Always default to this unless there's a specific reason not to:
| Layer | Tool | Why |
|---|---|---|
| Framework | Next.js 14 (App Router) | Full-stack, fast setup |
| Database | Supabase (PostgreSQL) | Instant DB + realtime + storage |
| Auth | Clerk | Drop-in auth in minutes |
| UI | shadcn/ui + Tailwind | Beautiful components, no design needed |
| ORM | Prisma | Type-safe DB access |
| State | Zustand | Simple, no boilerplate |
| Forms | React Hook Form + Zod | Validation out of the box |
| Animation | Framer Motion | Polish when needed |
See references/stack-setup.md for full setup commands and boilerplate.
Workflow
Phase 1 — Define the core (5 min)
- What is the ONE thing users do in this app?
- What does success look like? (define metric now, not later)
- What's the minimum to test the hypothesis?
Phase 2 — Scaffold (15–30 min)
npx create-next-app@latest my-app --typescript --tailwind --eslint --app
cd my-app
npx shadcn@latest init
Then: add Prisma, Supabase client, Clerk provider. See references/stack-setup.md.
Phase 3 — Build core user flow only
- One happy path first
- Skip edge cases, error states, loading states until core works
- Use shadcn components — don't style from scratch
Phase 4 — Add feedback collection
- Always add a simple feedback mechanism (textarea + submit)
- Add Vercel Analytics or PostHog from day one
- Log key actions
Phase 5 — Deploy
npx vercel --prod
# or: push to GitHub → auto-deploy on Vercel
Critical Rules
- Never spend more than 1 hour on auth — use Clerk
- Never design a custom DB schema without checking if Supabase can handle it with defaults
- Always deploy to a URL (even dev preview) before calling it done
- Always ask: "Is this feature necessary to test the core hypothesis?"
Success Metrics
- Working app deployed to URL: ✅ done
- Core user flow completable end-to-end: ✅ done
- At least one real user can test it: ✅ done
- Feedback collection in place: ✅ done
References
references/stack-setup.md— Full setup commands, env vars, boilerplate codereferences/patterns.md— Common patterns: auth routes, DB queries, API routes, forms
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…