Java & Vue Code Generation

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: project-generator
Version: 1.0.0

The project-generator skill is a legitimate tool designed to scaffold full-stack Java (Spring Boot) and Vue.js applications. The Python scripts (generate-backend.py, generate-frontend.py) perform standard string templating and file generation based on user-selected configurations. The instructions in SKILL.md use strong language ('MANDATORY') to enforce a specific interactive workflow for tech stack selection, which is consistent with its stated purpose and does not exhibit malicious prompt injection characteristics. No indicators of data exfiltration, unauthorized execution, or persistence were found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user deploys the generated project without changing these values, the database could be reachable with a well-known password.

Why it was flagged

The generated production-profile compose template exposes MySQL on the host using the root user and a hardcoded default password. This is an unsafe default for a skill that presents its output as production-ready.

Skill content

SPRING_PROFILES_ACTIVE=prod ... SPRING_DATASOURCE_USERNAME=root ... SPRING_DATASOURCE_PASSWORD=password ... ports: - "3306:3306"

Recommendation

Treat generated Docker and database configs as local-development examples only; require unique secrets, non-root database users, and non-public database ports before any production use.

What this means

Installing the generated project may pull newer dependency versions with different behavior or vulnerabilities.

Why it was flagged

The generated frontend uses third-party npm packages with version ranges. This is normal for project scaffolding, but dependency resolution risk shifts to the generated project.

Skill content

"dependencies": { "vue": "^3.4.0", "vue-router": "^4.2.0", "pinia": "^2.1.0", "axios": "^1.6.0" }

Recommendation

Generate and commit lockfiles, review dependencies, and run package audits before relying on the generated application.