Use when building Spring Boot 3.x applications, microservices, or reactive Java applications. Invoke for Spring Data JPA, Spring Security 6, WebFlux, Spring Cloud integration.
Security Analysis
high confidenceThe skill is instruction-only and its required files, examples, and runtime guidance are consistent with a Spring Boot 3.x engineering helper — it does not request credentials, install software, or perform unexpected actions.
The name/description (Spring Boot 3.x, WebFlux, Spring Data JPA, Security, Cloud) match the included SKILL.md and reference files which provide patterns, code snippets, and templates for those exact topics.
The SKILL.md instructs the agent to act as a senior Spring Boot engineer and produce implementation artifacts (entities, controllers, services, tests). It does not tell the agent to read local files, environment variables, or send data to external endpoints. However, the reference examples contain configuration placeholders and a few permissive or potentially unsafe example settings (wildcard CORS in the gateway/globalcors, actuator show-details: always, example configserver credentials placeholders, use of POST /actuator/refresh). These are examples for implementation, not instructions to exfiltrate data, but you should review any produced configuration before deploying.
This is an instruction-only skill with no install spec and no code files to execute. There is nothing fetched or written to disk by the skill itself.
The skill declares no required environment variables or credentials. Reference snippets include common placeholders (e.g., ${GIT_USERNAME}, ${GIT_PASSWORD}, ${CONFIG_PASSWORD}, jwt.secret) which are expected for sample Spring Boot configs — the skill itself does not demand them. If you use generated code, those variables would need secure provisioning (vault/secret manager) in your environment.
always is false and the skill is user-invocable. It does not request persistent system presence or modify other skills or global agent settings.
Guidance
This skill is coherent and appears to be a template/reference guide for Spring Boot development. It does not request credentials or perform installs, but it contains example configuration placeholders and several permissive example settings (e.g., wildcard CORS, actuator details, example config server credentials). Before using produced code in production: (1) replace placeholders with secrets stored in a secure vault, not in properties files; (2) avoid wildcard CORS in production and lock down actuator endpoints; (3) review gateway and config-server defaults for exposed endpoints and credentials; (4) run an internal code review and security scan on generated configurations and dependencies. If you need stronger assurance, ask the skill author for provenance (homepage/source) or request an explicit list of required env vars for any generated deployment manifests.
Latest Release
v0.1.0
Initial release of spring-boot-engineer skill. - Provides expert guidance for developing Spring Boot 3.x applications, microservices, and reactive Java solutions. - Invokes for topics including Spring Data JPA, Spring Security 6, WebFlux, and Spring Cloud integration. - Defines clear workflow for requirements analysis, secure implementation, testing, and cloud deployment. - Enforces best practices and constraints for project structure, validation, dependency injection, and configuration. - Includes output templates for entities, repositories, services, controllers, DTOs, configuration, testing, and documentation. - References modern Java and Spring technologies and related roles for collaborative development.
More by @Veeramanikandanr48
Published by @Veeramanikandanr48 on ClawHub
