ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NextJS Frontend Development + Integration

v0.1.1

Generate production-ready Next.js projects with TypeScript, Tailwind CSS, shadcn/ui, and API integration. Use when the user asks to build, create, develop, or scaffold a Next.js application, web app, full-stack project, or frontend with backend integration. Prioritizes modern stack (Next.js 14+, TypeScript, shadcn/ui, axios, react-query) and best practices. Also triggers on requests to add features, integrate APIs, or extend existing Next.js projects.

0· 1.8k·23 current·23 all-time
by@wing8169
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (Next.js + TypeScript + shadcn/ui + API integration) match the included SKILL.md, README, and the single helper script. Declared prerequisites (Node.js, npm/pnpm/yarn, git) are appropriate and proportionate to the stated purpose.
Instruction Scope
The SKILL.md stays focused on scaffolding, UI generation, and optional visual review/live preview features. It includes instructions that require system-level actions (installing Chromium or Nginx via sudo, writing a site config to /etc/nginx, running PM2 on port 3002). Those are coherent with the 'live preview' and 'auto-revision' optional features but do grant the agent instructions that touch system-level config and run processes — the user should be asked for explicit consent before enabling those options.
Install Mechanism
There is no automated install spec (instruction-only), which minimizes the skill's ability to write arbitrary files during install. The only included code is a small, readable screenshot.sh helper that invokes headless Chromium; nothing is downloaded from external or untrusted URLs during skill install.
Credentials
The skill does not request any environment variables, credentials, or config paths. The optional features ask to modify standard system locations (e.g., /etc/nginx) which is expected for configuring a reverse proxy, but no secrets or unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges or modify other skills. It recommends using PM2 to manage project processes, which affects runtime process management but is within the scope of running dev servers and not a hidden persistence mechanism for the skill itself.
Assessment
This skill appears to do what it says: scaffold modern Next.js projects and optionally run visual review and live preview servers. Before enabling optional features, confirm you want the agent to: (1) install system packages (Chromium, Nginx) with sudo, (2) write nginx config files under /etc/nginx, and (3) run a PM2-managed server on port 3002. If you prefer to limit system changes, decline the optional features and run the generated project inside a container/VM or manually review any commands the agent proposes. Also review the generated code and nginx/PM2 commands before applying them on a production machine or exposing ports publicly.

Like a lobster shell, security has layers — review code before you run it.

latestvk975dqjgz66arkype64w1t3qzn80ydya

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments