Vue Expert
PassAudited by ClawScan on May 1, 2026.
Overview
This looks like a normal Vue development guidance skill, with only copied-example risks around setup commands and app credentials or tokens.
This appears safe to use as an instruction-only Vue guidance skill. When copying generated examples, manually review any npm/npx commands, Sentry tokens, session cookies, token persistence, service workers, and device-permission code before adding them to a real project.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user copies and runs these commands, they can install dependencies and add native platform files to the current project.
The reference includes shell commands for Quasar and Capacitor project setup. They are relevant to the stated mobile/hybrid Vue purpose and are presented as user-directed examples, not as automatic skill execution.
npm init quasar ... npx cap add android ... npx cap sync
Run setup commands only in the intended project directory, review package prompts, and understand platform permissions before proceeding.
If copied into a real project, builds may authenticate to Sentry and upload source maps, which can expose source structure to that configured service.
The build tooling reference shows an external Sentry integration using an auth token and source-map upload configuration. This is purpose-aligned build guidance, but it involves project credentials if used.
authToken: process.env.SENTRY_AUTH_TOKEN
Use least-privilege tokens, keep them in environment variables, and confirm that uploading source maps is appropriate for the project.
If copied into an application, an authentication token may remain available in browser storage for the session.
The Pinia persistence example stores an auth token in browser sessionStorage. This is a common app pattern, but auth token persistence is sensitive and should be deliberate.
persist: { key: 'auth-storage', storage: sessionStorage, paths: ['token'] }Avoid persisting sensitive tokens unless necessary, prefer secure server-managed sessions where possible, and scope persistence to the minimum required data.