ClawHub

Crxjs

v1.0.0

CRXJS Chrome extension development — true HMR for popup, options, content scripts, side panels, manifest-driven builds, dynamic content script imports (`?scr...

0· 46·0 current·0 all-time
bySamuel Berthe@samber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (CRXJS Chrome extension development) match the actual requirements: git, node, npm and Vite/npm commands. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md directs the agent to scaffold projects (npm create), install packages (npm install), and modify project files (vite.config, manifest, src files). That is expected for a dev helper, but it implies the agent will read/write project files and perform network operations (npm registry/GitHub). There are no instructions to access unrelated system files or secrets.
Install Mechanism
Instruction-only skill with no install spec and no downloads. This minimizes disk-write/execute risk; runtime actions rely on standard dev tooling (npm/git).
Credentials
No environment variables or credentials are requested. The few permissions and tools (git, gh, npm) in allowed-tools are appropriate for scaffolding and package management.
Persistence & Privilege
always:false and no indicaton of modifying other skills or system-wide configs. The skill will operate within the project repository (scaffold, install, edit files), which is proportional to its purpose.
Assessment
This skill appears to be a straightforward developer helper for CRXJS and is internally consistent. Before using it, be aware that it will instruct the agent to run npm create / npm install and to read and edit project files (vite.config, manifest, src/*). That means: (1) review any package.json scripts and the packages the agent will install—npm packages and scaffolding scripts can run arbitrary code; (2) check the extension manifest permissions (e.g., storage, scripting, activeTab) so you understand runtime capabilities of the extension you build; (3) avoid running commands as an elevated user and keep secrets (env files, private keys) out of the project directory while the agent has file access; (4) if you want maximum safety, run the suggested npm commands yourself and manually review changes rather than granting the agent automatic execution rights. Overall this skill is coherent and fits its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk973y3fyy4v5bzjqkfjvv0s1dh83qpxv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
Binsgit, node, npm

Comments