ClawHub

Openpecha frontend + backend structure

v1.0.1

the Skill act as a full stack developer.

0· 118·0 current·0 all-time
by@tenkus47
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (full‑stack dev) match the SKILL.md and the other docs: coding conventions, folder layout, and endpoint standards. There are no unexpected requirements (no binaries, env vars, or installs) that would contradict the stated purpose.
Instruction Scope
SKILL.md contains detailed coding conventions and implementation guidance for Next.js, Supabase, GraphQL, etc. The instructions do not tell the agent to read arbitrary system files, access unrelated credentials, or exfiltrate data. It does recommend using environment variables for API keys (a normal best practice) but does not request any specific secrets itself.
Install Mechanism
No install spec and no code files to execute; this is instruction-only, so nothing is downloaded or written to disk by the skill itself.
Credentials
The guidance recommends storing API keys in environment variables (appropriate for the purpose). The skill does not declare or require any env vars or credentials, so there is no disproportionate credential request. If used by an agent, that agent or generated code may later ask the user for service keys (e.g., Supabase), which is outside this skill's static footprint.
Persistence & Privilege
always is false and disable-model-invocation is false (normal). The skill does not request permanent presence, nor does it modify system/other-skill configs; it's a passive instruction set.
Assessment
This skill is a readable style/implementation guide and appears internally consistent. Because it is instruction-only, it cannot itself access files, install software, or exfiltrate secrets. However, an agent following these instructions may produce code that interacts with external services (Supabase, Vercel AI SDK, etc.) and then request API keys or tokens. Before providing any credentials or running generated install/download commands, review the generated code for hardcoded secrets, unexpected network endpoints, or arbitrary install scripts. If you let an agent act autonomously, be cautious about granting credentials or allowing it to run install scripts or downloads.

Like a lobster shell, security has layers — review code before you run it.

latestvk973pw5ffmwfjh1bh94h5e15tn836yf4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments