Fullstack development toolkit with project scaffolding for Next.js/FastAPI/MERN/Django stacks and code quality analysis. Use when scaffolding new projects, analyzing codebase quality, or implementing fullstack architecture patterns.
Security Analysis
high confidence
The skill's files, instructions, and requirements are coherent with its stated purpose (project scaffolding and code-quality analysis); it contains Python scripts that operate on local code and templates but does not request unrelated credentials or perform obvious network exfiltration.
The name/description (Fullstack scaffolding + code quality analysis) matches the included assets: a project scaffolder, a code-quality analyzer, and extensive reference docs. There are no unrelated required environment variables, binaries, or install steps that contradict the stated purpose.
Runtime instructions direct the agent/user to run the included Python scripts against local paths (scaffold new projects, analyze project directories). Those scripts read and write files (scaffolder creates project files; analyzer recursively reads source/config files). This is expected for the skill's function, but running them will access arbitrary project files you point them at—review before running on sensitive repositories.
No install spec is provided (instruction-only), which is low risk. The package does include executable Python scripts bundled with the skill; executing them will run code from these files. There are no remote downloads or installers in the manifest.
The skill does not request environment variables, credentials, or config paths. The reference templates and scaffolded files include placeholder secrets and .env examples (e.g., default DATABASE_URL, SECRET_KEY) — these are local boilerplate and not demands for user secrets. The analyzer intentionally looks for hardcoded secrets in code (expected).
The skill is not marked always:true and doesn't request elevated or persistent privileges. It does not modify other skills or global agent configuration. Its behavior is limited to the local file operations performed by the included scripts when invoked.
Guidance
This skill appears to do what it says: it will create project files and scan code on disk using the bundled Python scripts. Before running: (1) inspect the two scripts (scripts/project_scaffolder.py and scripts/code_quality_analyzer.py) yourself — they are plain Python and readable; (2) run them in an isolated directory or sandbox if you are concerned about unintended file writes; (3) don't point the analyzer at sensitive/production directories if you don't want local secrets parsed; (4) be aware scaffolded templates include placeholder secrets and .env examples that you should replace before use; (5) avoid running any untrusted code with elevated privileges. If you want additional assurance, request a content hash or a third-party code review of the scripts.
Latest Release
v1.0.0
- Initial release of the senior-fullstack skill.
- Provides project scaffolding for Next.js, FastAPI+React, MERN, and Django+React stacks.
- Includes a code quality analyzer: detects security issues, complexity, dependency health, and documentation quality.
- Offers guidance and workflows for starting new projects, code audits, and stack selection.
- Supplies reference guides on architecture, development workflows, and tech stack choices.
- Quick reference materials: decision matrix and solutions to common fullstack issues.
Published by @alirezarezvani on ClawHub