Java Spring Boot
Security checks across malware telemetry and agentic risk
Overview
This is a coherent Spring Boot development guide with standard local coding tools enabled, and the artifacts show no hidden data access, persistence, or exfiltration.
This skill appears safe for its stated purpose. Before installing, note that it can use standard development capabilities to read, edit, and run commands in your project, so review changes and commands as you would with any coding assistant.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may inspect and change project files or run development commands while helping with Spring Boot work.
The skill permits file access, file modification, code search, and shell commands. This is expected for a Spring Boot coding assistant, but it can affect the user's local project if invoked.
allowed-tools: Read, Write, Bash, Glob, Grep
Use it in intended project directories, review proposed file changes, and approve shell commands only when they match your requested task.
You have less information about where the skill came from or how to audit its upstream history.
The registry metadata does not provide an upstream source or homepage, so provenance is harder to independently verify. The supplied artifacts themselves do not show suspicious install behavior.
Source: unknown; Homepage: none
Install only if you trust the registry entry or owner, and keep reviewing the included files when versions change.