Back to skill
Skillv0.1.0
ClawScan security
Next Cache Components · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 19, 2026, 4:41 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only Next.js guidance doc about Cache Components that is internally consistent with its stated purpose and requests no extra credentials or installs.
- Guidance
- This skill is a documentation-style guide for Next.js Cache Components and does not install code or ask for secrets. It's generally safe to view and use as reference. Before applying examples to your project: (1) verify Next.js version compatibility in your repo, (2) don't paste real credentials into examples or into chat prompts, (3) back up next.config.ts before changing it, and (4) provide any required DB/API credentials only through your normal project configuration (not via this skill). Note the skill's source is 'unknown' and there is no homepage — treat it as unsigned documentation and cross-check with official Next.js docs if you need high assurance.
Review Dimensions
- Purpose & Capability
- okName/description match the SKILL.md content: examples and explanations focus on Next.js cache directives (use cache, cacheLife, cacheTag, updateTag). There are no unrelated requirements (no env vars, binaries, or installs).
- Instruction Scope
- noteThe SKILL.md stays within framework documentation and code examples. It references typical runtime APIs (cookies(), headers(), fetch, db.*) as examples — these are expected for Next.js examples but imply the runtime or your app provides DB/HTTP/cookie access. The instructions do not ask the agent to read local system files, secrets, or send data to unexpected endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only content. Nothing is written to disk or downloaded by the skill itself.
- Credentials
- okRequires no environment variables or credentials. Example code references DB calls and fetches that in a real project would need credentials, but the skill itself does not request them.
- Persistence & Privilege
- okSkill is not always-on and does not request elevated/platform-wide privileges. Autonomous model invocation is allowed (platform default) but presents no additional risk here given the skill's read-only instructional nature.