Frontend Performance

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent instruction-only frontend performance skill, with only a minor note that it may suggest user-run bundle analysis commands.

This skill appears safe to install as an instruction-only frontend performance advisor. If it suggests running bundle analyzers or Lighthouse-related tools, review the command first and run only trusted tooling in the intended project.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

If the user follows the suggested command, they may execute external tooling locally; this is normal for bundle analysis but should be done with trusted packages.

Why it was flagged

The skill may recommend running local package/CLI-based bundle analysis tools. This is purpose-aligned and user-directed, but such commands can execute third-party package code in the user's project environment.

Skill content
Just have the user run `npx @next/bundle-analyzer` or `vite-bundle-visualizer`, and look at the large modules before deciding anything further
Recommendation

Run these commands only in trusted projects, prefer official packages and pinned versions where practical, and avoid using elevated privileges unless clearly necessary.