← Back to Skills Marketplace
Senior Backend
by
Alireza Rezvani
· GitHub ↗
· v2.1.1
· MIT-0
2941
Downloads
0
Stars
19
Active Installs
3
Versions
Install in OpenClaw
/install senior-backend
Description
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the...
Usage Guidance
This skill contains real tooling that matches its description, but it also expects credentials and can perform actions that modify databases or generate heavy network traffic. Before installing or invoking it: 1) Review the bundled Python scripts yourself (they are included) and confirm you trust their behavior. 2) Don't run the migration tool against production databases without backups and a least-privilege DB user; run on staging first. 3) Only target load tests at systems you own or have explicit permission to test; otherwise you could cause outages or legal issues. 4) Because the manifest does not list required secrets but the code uses them (DB credentials, JWT secrets, webhook secrets), explicitly identify which environment variables you'll supply and prefer temporary, least-privileged credentials. 5) Run the scripts in an isolated environment (container or isolated VM) and consider running static/lint/security scans (e.g., bandit, flake8) before giving any credentials. If you want, ask the publisher for an explicit list of required env vars and a safety checklist for running migrations and load tests.
Capability Analysis
Type: OpenClaw Skill
Name: senior-backend
Version: 2.1.1
The 'senior-backend' skill bundle provides a comprehensive set of tools for backend development, including API scaffolding, database migration analysis, and performance testing. The Python scripts (api_load_tester.py, api_scaffolder.py, and database_migration_tool.py) are well-structured, use standard libraries, and lack any indicators of malicious intent such as data exfiltration, unauthorized network calls, or obfuscated code. The documentation in SKILL.md and the reference guides promote industry-standard security practices (OWASP Top 10, input validation, and secure JWT handling) and do not contain any prompt injection attempts or harmful instructions.
Capability Assessment
Purpose & Capability
The skill name/description (API design, DB migrations, load testing) matches the included artifacts: an API scaffolder, database migration tool, load tester, and multiple backend/security references. The requested binaries/env in metadata are minimal (none), which is plausible for a pure Python script bundle, but see environment_proportionality for problems.
Instruction Scope
SKILL.md instructs the agent (or user) to run bundled scripts that accept database connection strings and API endpoints and can perform schema analysis, generate and run migrations, and run high-concurrency HTTP load tests. Those actions can modify production databases or generate high traffic against external services. The instructions and examples also reference environment variables and secrets (e.g., $DATABASE_URL, process.env.JWT_SECRET, STRIPE_WEBHOOK_SECRET) and do not include explicit safeguards or authorization checks. The skill gives the agent broad discretion to run operations that access internal resources and perform potentially destructive actions.
Install Mechanism
There is no install spec; this is instruction-only with bundled Python scripts. No remote downloads or package installers are specified, so nothing will be fetched at install time. Risk comes from executing the included scripts (they are present in the bundle) rather than from installation.
Credentials
The registry metadata declares no required environment variables, but SKILL.md examples and the bundled code reference many sensitive env vars and secrets (DATABASE_URL, DB_HOST/DB_USER/DB_PASSWORD, JWT_SECRET, JWT_REFRESH_SECRET, STRIPE_WEBHOOK_SECRET, LOG_LEVEL, etc.). That mismatch means the skill expects access to credentials and secrets that were not disclosed in the manifest. Requiring DB credentials or signing secrets is reasonable for a migration or auth helper, but the lack of explicit declared env requirements is a transparency problem and increases risk if the agent is given those secrets.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level privileges. It appears not to modify other skills or system settings. The primary concern is runtime: the scripts, when executed, can perform DB migrations and network load tests but they do so only when invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install senior-backend - After installation, invoke the skill by name or use
/senior-backend - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.1
v2.1.1: optimization, reference splits
v1.0.0
Initial release of the senior-backend skill.
- Provides API design, database optimization, authentication, microservices, code review, GraphQL, migrations, and load testing guidance.
- Includes workflows and quickstart examples for Node.js/Express/Fastify, PostgreSQL, and backend architecture.
- Documents three main tools: API Scaffolder, Database Migration Tool, and API Load Tester.
- Offers step-by-step guides for API design, database performance tuning, and security hardening.
v0.1.0
- Initial release of the "senior-backend" skill, designed for advanced backend engineering tasks.
- Provides workflows and tools for REST API design, database query optimization, authentication, microservices, code review, GraphQL setup, migrations, and API load testing.
- Supports Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
- Includes reference workflows and usage examples for API scaffolding, database migration automation, and performance/load testing.
- Offers quick commands, boilerplate code, and best practices documentation for common backend scenarios.
Metadata
Frequently Asked Questions
What is Senior Backend?
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the... It is an AI Agent Skill for Claude Code / OpenClaw, with 2941 downloads so far.
How do I install Senior Backend?
Run "/install senior-backend" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Senior Backend free?
Yes, Senior Backend is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Senior Backend support?
Senior Backend is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Senior Backend?
It is built and maintained by Alireza Rezvani (@alirezarezvani); the current version is v2.1.1.
More Skills