ClawHub

Project Kickstart

v1.0.0

Scaffold any project in seconds. Generate boilerplate for Next.js, React, Python CLI, Express, FastAPI, static sites, and more. Pre-configured with git, lint...

0· 50·0 current·0 all-time
byHa Le@vanthienha199
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (project scaffolding) matches the SKILL.md instructions (generate files, config, CI, README, license). Minor inconsistency: the instructions require running git (git init, commit) but the registry metadata declares no required binaries; declaring git as a required binary would be expected.
Instruction Scope
SKILL.md confines actions to creating project files, initializing a repo, and writing CI/README/LICENSE. It does not instruct reading arbitrary system files, environment variables, or contacting external endpoints for secrets. The agent is asked to produce fully working code and to prefer latest dependency versions, which implies network-aware version selection but not credential access.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is the lowest-risk model for a scaffolding skill.
Credentials
The skill requests no environment variables or credentials. That is proportionate for a local project scaffolder. It does not request unrelated service tokens or secret-bearing env vars.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence. It does instruct initializing a git repository and making a commit in the working directory, which is expected behavior for scaffolding but is a direct filesystem modification.
Assessment
This skill appears to be what it claims: a project scaffolder. Before using it, confirm the target directory (to avoid overwriting files) and that you want the tool to run git init / make the first commit. Ensure git is available in the environment (the SKILL.md assumes it but the registry metadata doesn't declare it). Review generated files (CI workflows, package manifests, Dockerfiles) before running installs or pushing to remotes. If you want tighter control, ask the agent to output the file tree and file contents first instead of making changes automatically.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d3qx22bw1ye9p9xa2pvbyz183p3n0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments