ClawHub

nodejs-backend

v2.53.2

Node.js backend patterns: layered architecture, TypeScript, validation, error handling, security, deployment. Use when building REST APIs, Express/Fastify/Ho...

0· 51·0 current·0 all-time
byIlia Alshanetsky@iliaal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Node.js backend patterns) matches the included SKILL.md and references. All files are documentation and examples for architecture, TypeScript, validation, error handling, and deployment — nothing requested or required is outside that scope.
Instruction Scope
Runtime instructions are guidance for writing backend code (validate inputs, use Zod, error envelopes, health endpoints, etc.). The only actionable runtime hint is to 'search_docs' for up-to-date framework APIs, which is reasonable; there are no instructions to read unrelated host files, exfiltrate data, or call unknown external endpoints.
Install Mechanism
No install spec and no code files that would be written or executed. This instruction-only skill has the lowest install risk (nothing is downloaded or installed).
Credentials
The skill does not require environment variables or credentials. It includes example code and guidance that references common env vars (DATABASE_URL, JWT_SECRET) which are normal for backend projects but are only illustrative; the skill itself does not request secrets.
Persistence & Privilege
always is false and the skill does not request persistent or privileged presence. There is no install-time behavior that writes agent-wide config or modifies other skills.
Assessment
This is a guidelines-only skill (no code or installers) and appears coherent for building Node.js backends. Before using: 1) review any code the agent generates to ensure it doesn't accidentally log or transmit secrets; 2) if you copy sample env names (DATABASE_URL, JWT_SECRET), supply those secrets only to trusted deployments and store them in your secret manager; 3) run dependency/security scanning on any third‑party packages you add when implementing these patterns; and 4) note the skill recommends calling a 'search_docs' helper — confirm that helper is trusted and won't leak sensitive project data.

Like a lobster shell, security has layers — review code before you run it.

latestvk9714tggqggeec0r67w12vawmd84ff00

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments