Uniapp Guide
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only uni-app development guide; its setup commands and developer-tool configuration are purpose-aligned but should be run only from trusted sources.
This skill appears safe as a documentation-only uni-app guide. Before following its setup commands, verify downloads and templates come from official sources, review dependencies, and only enable developer-tool service ports in a trusted local development environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running package-manager commands can download and execute third-party project dependencies on the user's machine.
The guide instructs users to fetch a project template and install packages from external sources. This is expected for a development guide, but users should verify the template source and package contents before running installs.
npx degit dcloudio/uni-present-vue#vite my-project cd my-project npm install
Use trusted official templates, review package files before installing, and run setup commands in a dedicated development directory.
A local developer-tool service port may allow IDE or tooling control of the development environment while enabled.
The guide tells users to enable the WeChat Developer Tools service port. This is a normal integration/debugging step, but it exposes a local automation interface that should be limited to trusted development use.
设置 -> 安全设置 -> 开启服务端口
Enable the service port only when needed for local debugging, keep the machine on a trusted network, and disable it after use if not required.