nestjs-expert

github.com/davila7/claude-code-templates
Verdict: Proceed with caution
0 critical0 high6 medium
C
SCORE 55 / 100
$skillox install nestjs-expertSoon
Sign in to followFollowing emails you when a re-scan drops the grade. Opt-out is per-creator on /account/billing.

Why grade C?

score · 55 / 100

The current grade reflects 6 medium findings (6+ MEDs → C).

0 CRIT0 HIGH6 MED0 LOW
To reach a higher grade
  • B
    Reach Btarget score 75

    Resolve 1 of 6 MED (cap is 5).

  • A
    Reach Atarget score 95

    Resolve 4 of 6 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-l3uwsjhlnlnn1vlsi7bcwndy · Thu, 28 May 2026 17:28:55 GMT · 2ms

med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
med
Link text shows "nest.js" but points at docs.nestjs.com
The visible link text contains the domain `nest.js`, but the URL actually targets `docs.nestjs.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 35CWE-601
33- Solution priority: 1) Refactor module structure, 2) Use forwardRef, 3) Adjust provider scope
34- Tools: `nest generate module`, `nest generate service`
35- Resources: [Nest.js Modules](https://docs.nestjs.com/modules), [Providers](https://docs.nestjs.com/providers)text→nest.js · href→docs.nestjs.com
36
37### Controllers & Request Handling
med
Link text shows "nest.js" but points at docs.nestjs.com
The visible link text contains the domain `nest.js`, but the URL actually targets `docs.nestjs.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 480CWE-601
478
479### Core Documentation
480- [Nest.js Documentation](https://docs.nestjs.com)text→nest.js · href→docs.nestjs.com
481- [Nest.js CLI](https://docs.nestjs.com/cli/overview)
482- [Nest.js Recipes](https://docs.nestjs.com/recipes)
med
Link text shows "nest.js" but points at docs.nestjs.com
The visible link text contains the domain `nest.js`, but the URL actually targets `docs.nestjs.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 481CWE-601
479### Core Documentation
480- [Nest.js Documentation](https://docs.nestjs.com)
481- [Nest.js CLI](https://docs.nestjs.com/cli/overview)text→nest.js · href→docs.nestjs.com
482- [Nest.js Recipes](https://docs.nestjs.com/recipes)
483
med
Link text shows "nest.js" but points at docs.nestjs.com
The visible link text contains the domain `nest.js`, but the URL actually targets `docs.nestjs.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 482CWE-601
480- [Nest.js Documentation](https://docs.nestjs.com)
481- [Nest.js CLI](https://docs.nestjs.com/cli/overview)
482- [Nest.js Recipes](https://docs.nestjs.com/recipes)text→nest.js · href→docs.nestjs.com
483
484### Testing Resources
med
Link text shows "passport.js" but points at www.passportjs.org
The visible link text contains the domain `passport.js`, but the URL actually targets `www.passportjs.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 494CWE-601
492
493### Authentication
494- [Passport.js Strategies](http://www.passportjs.org)text→passport.js · href→www.passportjs.org
495- [JWT Best Practices](https://tools.ietf.org/html/rfc8725)
496
View latest scan →
skillox.io/c/nestjs-expert