cm-project-bootstrap
Facilitates project initiation by setting up essential infrastructure, design systems, and SEO foundations from day one.
Install this skill
Security score
The cm-project-bootstrap skill was audited on Jun 7, 2026 and we found 28 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 641 | const res = await fetch(`/static/i18n/${this.currentLang}.json`); |
Template literal with variable interpolation in command context
| 651 | return key.split('.').reduce((obj, k) => obj?.[k], this.translations) || `[${key}]`; |
Template literal with variable interpolation in command context
| 946 | console.warn(`⚠️ Found ${rawColors.length} raw color values. Use design tokens instead.`); |
Template literal with variable interpolation in command context
| 997 | expect(missing, `${file} missing keys: ${missing.join(', ')}`).toEqual([]); |
Template literal with variable interpolation in command context
| 1004 | const fullKey = prefix ? `${prefix}.${key}` : key; |
Fetch to external URL
| 644 | const fallback = await fetch('/static/i18n/vi.json'); |
Access to hidden dotfiles in home directory
| 49 | Before asking anything, check if `~/.cm-identity-history.json` exists. |
Access to hidden dotfiles in home directory
| 53 | // ~/.cm-identity-history.json — Auto-maintained across projects |
Access to hidden dotfiles in home directory
| 130 | After creating `.project-identity.json`, update `~/.cm-identity-history.json`: |
Access to hidden dotfiles in home directory
| 424 | Before creating a new design system, check if `~/.cm-design-profiles/` exists. |
Access to hidden dotfiles in home directory
| 428 | // ~/.cm-design-profiles/{org-name}.json |
Access to hidden dotfiles in home directory
| 461 | - After bootstrap, **always save** the design profile to `~/.cm-design-profiles/` |
Access to hidden dotfiles in home directory
| 598 | After setting up the design system, **auto-save** to `~/.cm-design-profiles/{org}.json`: |
Access to hidden dotfiles in home directory
| 610 | - Reuse brand profile from ~/.cm-design-profiles/ |
Access to hidden dotfiles in home directory
| 1282 | 4. Update ~/.cm-identity-history.json with commonly needed skill patterns |
Access to hidden dotfiles in home directory
| 1365 | ✅ ~/.cm-identity-history.json — Identity saved for future suggestions |
Access to hidden dotfiles in home directory
| 1366 | ✅ ~/.cm-design-profiles/{org}.json — Brand design system saved |
Access to .env file
| 390 | .env |
Access to .env file
| 391 | .env.* |
Access to .env file
| 392 | !.env.example |
Access to .env file
| 393 | !.env.test |
External URL reference
| 221 | SUPABASE_URL=https://YOUR_PROJECT.supabase.co |
External URL reference
| 729 | <meta property="og:url" content="https://yourdomain.com"> |
External URL reference
| 730 | <meta property="og:image" content="https://yourdomain.com/og-image.png"> |
External URL reference
| 738 | <link rel="canonical" href="https://yourdomain.com"> |
External URL reference
| 741 | <link rel="preconnect" href="https://fonts.googleapis.com"> |
External URL reference
| 742 | <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> |
External URL reference
| 1197 | Use `npx skills find` to search the community registry at [skills.sh](https://skills.sh): |