by 安全扫描
OpenClaw
安全
high confidenceThe skill's requested resources and runtime instructions are coherent with its stated purpose of scaffolding frontend projects; there are a few minor metadata and documentation mismatches to verify before use.
评估建议
This skill appears coherent for scaffolding frontend projects, but do these checks before installing or running it: 1) Verify the skill origin — registry metadata owner ID (kn741...) differs from the internal _meta.json ownerId (redhat-agent-001) and there's no homepage/source link; prefer skills with a clear publisher and repo. 2) Decide which environment variables (e.g., API_BASE_URL) you will provide; the SKILL.md references env usage but does not declare names. 3) When the agent scaffolds fi...详细分析 ▾
✓ 用途与能力
The name/description (frontend scaffolding, safe API integration, quality gates) matches the instructions (scaffold project structure, API client layer, lint/tests/build). There are no unexpected credentials, binaries, or installs required for this purpose.
ℹ 指令范围
Instructions are scoped to creating project files, adding a client API layer, accessibility guardrails, tests, and build validation — all consistent. Minor gap: the SKILL.md states the API client's base URL should be provided 'via env' and that outputs include 'notes about env vars', but the skill does not declare any specific required env var names. Also the runtime instructions expect writing files in a 'target directory' (normal for a scaffolder) — confirm the agent has the intended working directory and permissions.
✓ 安装机制
Instruction-only skill with no install spec or code to download; this is low risk and expected for a scaffolding/instruction skill.
ℹ 凭证需求
The skill requests no credentials or config paths (proportionate). It does reference using environment variables for base URL and notes about env configuration, but does not declare specific env vars — this convenience gap is a documentation mismatch rather than a secret-exfiltration risk. No secrets are requested or embedded by the skill itself.
✓ 持久化与权限
always is false, the skill is user-invocable and may be invoked autonomously (platform default) but it does not request persistent system-wide changes or modify other skills/configs. Expected privilege level for a scaffolder.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/24
Initial release of frontend-builder. - Scaffold frontend apps using React (Vite, SPA) or Next.js with a predictable, accessible structure. - Integrates API connectivity with enforced safe practices (env-based config, error handling, no secrets in client code). - Includes quality gates: linting, tests, and build validation. - Covers accessibility, UX, and basic testing requirements. - Outputs clear information on generated files and project commands.
● 无害
安装命令
点击复制官方npx clawhub@latest install axodus-frontend-builder
镜像加速npx clawhub@latest install axodus-frontend-builder --registry https://cn.longxiaskill.com