lowcode-platform-development Security Report — Suspicious | ClawSafe

35 /100

lowcode-platform-development

Automates low-code platform creation with Vue2+ElementUI frontend and Java Spring Boot backend

SKILL.md declares executable scripts and shell operations that do not exist in the package - this is a doc-to-code mismatch where documentation describes potentially dangerous capabilities (PowerShell execution, npm/maven builds) without any actual implementation.

Skill Namelowcode-platform-development

Duration38.2s

Enginepi

⚠

Use with caution

Verify the skill's completeness before use. The referenced scripts/generate_project.ps1 is missing, and template directories contain only README placeholders. Request implementation files or clarification from the skill author.

Findings 3 items

Severity	Finding	Location
Medium	Declared PowerShell script missing Doc Mismatch SKILL.md references 'scripts/generate_project.ps1' as the execution mechanism but this file does not exist in the package. Pre-scan confirms hasScripts: false. `- scripts/generate_project.ps1 – PowerShell script that runs the scaffold commands.` → Remove script reference or provide the actual implementation file	`SKILL.md:26`
Medium	Template files are placeholders only Doc Mismatch Both template directories (vue-template, spring-boot-template) contain only README.md files stating 'files are omitted for brevity'. No actual scaffold code exists. `This folder should contain a minimal Vue2 project scaffold... For brevity, the actual files are omitted.` → Provide actual template files or indicate this is a documentation-only skill	`assets/vue-template/README.md:1`
Low	Shell execution described but not implemented Doc Mismatch SKILL.md describes running 'npm install' and 'mvn package' commands, implying shell:WRITE capability, but no script exists to perform these operations. The script creates... and runs `npm install` and `mvn package`. → If shell execution is intended, provide the implementation; otherwise update docs	`SKILL.md:32`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No implementation files exist to verify file operations
Shell	`NONE`	`NONE`	—	SKILL.md:31 mentions scripts/generate_project.ps1 but file does not exist
Network	`NONE`	`NONE`	—	No network access observed

File Tree

5 files · 5.5 KB · 114 lines

Markdown 4f · 96L YAML 1f · 18L

├─ ▾ 📁 assets

│ ├─ ▾ 📁 spring-boot-template

│ │ └─ 📝 README.md Markdown 8L · 363 B

│ └─ ▾ 📁 vue-template

│ └─ 📝 README.md Markdown 9L · 351 B

├─ ▾ 📁 docker

│ └─ 📋 docker-compose.yml YAML 18L · 361 B

├─ ▾ 📁 references

│ └─ 📝 architecture.md Markdown 38L · 1.9 KB

└─ 📝 SKILL.md Markdown 41L · 2.5 KB

Security Positives

✓ No actual malicious code present in the package

✓ No credential harvesting or exfiltration mechanisms

✓ No obfuscated or base64-encoded payloads

✓ No suspicious network requests or C2 indicators

✓ No sensitive path access observed (no ~/.ssh, ~/.aws, .env access)

✓ No reverse shell or RCE payloads

Scan Report

Findings 3 items

File Tree

Security Positives