stack-scaffold
Scaffolds a full-stack project using Next.js, Supabase, Firebase Auth, and more, ensuring a structured setup for developers.
Install this skill
or
59/100
Security score
The stack-scaffold skill was audited on Mar 3, 2026 and we found 21 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 9
Access to .env file
SourceSKILL.md
| 9 | You are an expert full-stack developer. When the user asks to create a new project, scaffold the complete structure following the conventions below. Always confirm the project name and target director |
medium line 17
Access to .env file
SourceSKILL.md
| 17 | 2. **Survey the environment.** Check the current directory structure and installed tools. Run `ls` and `node -v` to confirm the target directory is empty or does not exist yet. Do NOT read, open, or i |
medium line 33
Access to .env file
SourceSKILL.md
| 33 | 3. Ensure `.gitignore` exists and includes at minimum: `.env`, `.env.local`, `.env*.local`, `node_modules/`, `.next/`. The `create-next-app` template already includes these, but verify before any comm |
low line 92
Access to .env file
SourceSKILL.md
| 92 | process.env.NEXT_PUBLIC_SUPABASE_URL!, |
low line 93
Access to .env file
SourceSKILL.md
| 93 | process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY! |
low line 106
Access to .env file
SourceSKILL.md
| 106 | process.env.NEXT_PUBLIC_SUPABASE_URL!, |
low line 107
Access to .env file
SourceSKILL.md
| 107 | process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, |
low line 134
Access to .env file
SourceSKILL.md
| 134 | apiKey: process.env.NEXT_PUBLIC_FIREBASE_API_KEY, |
low line 135
Access to .env file
SourceSKILL.md
| 135 | authDomain: process.env.NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN, |
low line 136
Access to .env file
SourceSKILL.md
| 136 | projectId: process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID, |
low line 137
Access to .env file
SourceSKILL.md
| 137 | storageBucket: process.env.NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET, |
low line 138
Access to .env file
SourceSKILL.md
| 138 | messagingSenderId: process.env.NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID, |
low line 139
Access to .env file
SourceSKILL.md
| 139 | appId: process.env.NEXT_PUBLIC_FIREBASE_APP_ID, |
low line 154
Access to .env file
SourceSKILL.md
| 154 | projectId: process.env.FIREBASE_PROJECT_ID, |
low line 155
Access to .env file
SourceSKILL.md
| 155 | clientEmail: process.env.FIREBASE_CLIENT_EMAIL, |
low line 156
Access to .env file
SourceSKILL.md
| 156 | privateKey: process.env.FIREBASE_PRIVATE_KEY?.replace(/\\n/g, "\n"), |
low line 173
Access to .env file
SourceSKILL.md
| 173 | process.env.NEXT_PUBLIC_SUPABASE_URL!, |
low line 174
Access to .env file
SourceSKILL.md
| 174 | process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!, |
medium line 212
Access to .env file
SourceSKILL.md
| 212 | ### `.env.example` |
medium line 275
Access to .env file
SourceSKILL.md
| 275 | 1. Copy `.env.example` to `.env.local` and remind the user to fill in the values. |
low line 233
External URL reference
SourceSKILL.md
| 233 | NEXT_PUBLIC_APP_URL=http://localhost:3000 |
Scanned on Mar 3, 2026
View Security DashboardGitHub Stars 2.2K
Rate this skill
Categorydevelopment
UpdatedApril 4, 2026
openclawbackendfrontendfullstack-developerbackend-developerfrontend-developersupabasefirebaseverceldevelopment
openclaw/skills