Back to skill
Skillv0.1.0
ClawScan security
Nestjs Best Practices · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 19, 2026, 4:46 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only NestJS best-practices guide and its declared requirements and runtime instructions are consistent with that purpose.
- Guidance
- This is an instruction-only NestJS best-practices guide and appears internally consistent. Before installing: 1) Note that the SKILL.md references additional rule files (rules/*.md, AGENTS.md) that are not bundled — ask the publisher for those or be prepared for the agent to request/fetch them. 2) Because this skill contains only guidance (no code or installers), it cannot by itself execute code or access secrets, but an autonomous agent using these instructions could generate or modify project files — ensure you trust the agent and review any code it generates. 3) If you require provenance, ask the owner for a homepage, repository, or the missing rule files so you can verify examples and references.
Review Dimensions
- Purpose & Capability
- okName and description match the SKILL.md content. The guide is focused on NestJS architecture, DI, security, performance and so on; there are no unrelated env vars, binaries, or install steps requested.
- Instruction Scope
- noteThe SKILL.md gives guidelines and points to rule files (rules/*.md and AGENTS.md) for detailed examples, but those files are not included in the bundle. The instructions do not ask the agent to read system credentials or unrelated files. Because the guide references external files, the agent or user may need to fetch or supply those documents to get full examples — this is expected but worth noting.
- Install Mechanism
- okNo install spec or code files are present (instruction-only). This is lowest-risk from an install/execution perspective.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. There is no request for secrets or unrelated service access that would be disproportionate to a documentation/guide skill.
- Persistence & Privilege
- okThe skill does not request always:true and uses normal defaults. It does not attempt to modify other skills or system configuration; autonomy (model invocation) is allowed by default but is not excessive here.