ClawHub

Senior Backend

v1.0.0

Production-grade backend development. Use this skill when the user mentions: build the API, create backend, REST API, GraphQL, database modeling, authenticat...

0· 13·0 current·0 all-time
byEmerson Braun@emersonbraun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise production-grade backend implementation and the SKILL.md and reference docs contain framework, database, validation, auth, and operational patterns consistent with that purpose. Nothing requested (no env vars, no binaries, no installs) is out of scope for a backend implementation guide.
Instruction Scope
The runtime instructions and examples reference reading environment variables and integrating with external services (S3_BUCKET, Stripe webhook secret, Redis via Redis.fromEnv(), AWS SDK, Upstash, etc.). This is normal for backend guidance, but the SKILL.md contains concrete code patterns that assume access to service secrets/configs — the skill does not itself declare or request those credentials, so users should be aware examples imply use of secrets when implementing.
Install Mechanism
There is no install spec and no code files that execute on install. Instruction-only skills write nothing to disk and therefore pose low install-time risk.
Credentials
The skill declares no required environment variables (none in requires.env), but many examples reference environment values and third-party secrets (AWS S3 bucket, Redis/Upstash config, Stripe webhook secret, etc.). That is typical for backend patterns, but it means implementers will need to supply those credentials — only supply the minimum necessary and follow least privilege.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent/system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other elevated privileges here.
Assessment
This is an instruction-only backend implementation skill and appears to do what it says. It includes practical examples that reference common service secrets (S3_BUCKET, Stripe webhook secret, Redis credentials, etc.) but the skill itself does not request those. Before using or pasting secrets into any assistant conversation or generated code, (1) avoid sharing long-lived credentials in chat, (2) use least-privilege or ephemeral keys for testing, (3) verify any produced code before running it (especially code that touches cloud services), and (4) store production secrets in a secure secret manager or CI/CD pipeline rather than embedding them in source or chat. If you want extra assurance, ask the skill to list exactly which environment variables it will need for your chosen stack and only provide them via secure channels.

Like a lobster shell, security has layers — review code before you run it.

latestvk979c1yshvggfgynd14w5kxw4984c8q5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments