ClawHub

Startup Toolkit

v1.0.0

Provides a complete React/Node.js toolkit with landing page, authentication, payments, analytics, and marketing features to launch your startup quickly.

0· 432·3 current·3 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name and description promise a complete startup toolkit (frontend, backend, Stripe, Postgres, Docker, CI/CD, analytics, referral system). The actual bundle contains only SKILL.md and a 312-byte launch.sh that merely creates directories; there is no application code, Dockerfiles, docker-compose.yml, or integrations. This is a large mismatch between claimed capabilities and provided artifacts.
Instruction Scope
Runtime instructions simply tell the user to run ./launch.sh and possibly docker-compose up. The instructions do not ask for credentials or access system files. They are within a narrow operational scope, but they are misleading because they imply downstream steps (e.g., docker-compose up) that cannot succeed with the provided files.
Install Mechanism
There is no install spec and no downloaded code. The skill is instruction-only plus a small script, which minimizes installation risk. Nothing is written to disk by an installer beyond what the script itself does when executed.
!
Credentials
The skill declares no required environment variables or credentials, yet the description advertises integrations (Stripe, social auth) that normally require API keys. Either the skill is incomplete (missing config/setup) or it will later request credentials — the current state is disproportionate and potentially misleading.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not modify other skills or system settings. It only includes a simple script that creates directories in the current filesystem when run.
What to consider before installing
This package is essentially a placeholder/scaffolding script, not a functioning startup stack. It will create directories named for your project and then advise running docker-compose up, but no docker-compose.yml or application code is included. Before running anything: (1) inspect launch.sh (you already can — it just runs mkdir), (2) run it in a safe/sandbox directory (it will create folders where you run it), (3) do not expect Stripe or auth integrations to be present — they will require additional trusted code and API keys, and (4) prefer installing startup templates from well-known sources or full repos that include Dockerfiles, compose files, and explicit instructions. The script uses the unsanitized first argument as a path (e.g., an absolute or ../ path could create unexpected locations), so avoid running it with untrusted input or in sensitive directories.

Like a lobster shell, security has layers — review code before you run it.

latestvk9772jrxvyr76nb3xfqw2wnz1d829hq0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments