ClawHub

readme-writer-skill

v1.0.0

Expert README writing skill for open source projects. Use this skill whenever the user wants to write, improve, or review a README for any open source reposi...

0· 194·0 current·0 all-time
by@caopulan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (README writer) align with the provided assets: a SKILL.md plus three large references about README patterns for tools, AI/ML, and frameworks. There are no unexpected env vars, binaries, or install steps requested that would be unrelated to writing READMEs.
Instruction Scope
The SKILL.md describes how the agent should collect project information (ask the user or infer name, purpose, tech stack) and how to construct README content; it does not instruct the agent to read arbitrary host files, to access credentials, or to transmit repository contents to third parties. Note: the guidance contains example installation patterns (including 'curl -fsSL https://get.example.com | sh') and other sample commands which are presented as common README content — these are potentially unsafe patterns if executed by a user without verification, but they do not make the skill itself perform those actions.
Install Mechanism
There is no install spec and no code files that run on the host — this is instruction-only, which minimizes the risk of writing or executing new code on the machine.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths; this is proportionate for a documentation/authoring skill.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request or modify other skills or system-wide settings; nothing here indicates elevated or persistent privileges.
Assessment
This skill appears coherent and low-risk because it's instruction-only and doesn't ask for credentials or install code. Before using it: (1) don't paste secrets or private tokens into prompts or READMEs you generate; (2) treat any example 'install' commands (notably 'curl | sh') as documentation examples only — verify the source before running them; (3) if you want the skill to analyze a repository, prefer providing a sanitized excerpt or grant minimal, explicit repository access rather than pasting entire config files; (4) if provenance matters, ask the publisher for source/homepage or request an auditable code-based implementation rather than an instruction-only skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk976w38zy5j30kc8ejy4dk2jh582mwsf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments