v0.1.0

Document Multiple Repository

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:36 AM.

Analysis

This instruction-only skill is coherent and purpose-aligned, but it will read and summarize many files from the local repository root you choose.

Guidance: Before installing or using it, make sure the ROOT_PATH contains only repositories you want analyzed, keep OUTPUT_PATH controlled, and review the generated docs for secrets or confidential infrastructure details before sharing them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Info | Confidence: High | Status: Note
SKILL.md
Do not execute code. Do not modify the original repositories. Documentation only.

The artifact limits the agent to documentation work and explicitly forbids code execution and modification of original repositories, reducing tool-misuse risk while still requiring file read/write activity.

User impact: The skill should not run project code or alter source repositories, but it may still create files under the chosen output path.
Recommendation: Choose a dedicated OUTPUT_PATH and confirm the agent does not write into the original repositories unless that is intentional.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Scan ROOT_PATH recursively... Extract: README, build files, manifests, API routes, entities, configs.

The skill tells the agent to recursively read a user-selected repository root and extract technical content, including configuration and manifest files, which may contain sensitive internal details.

User impact: Generated documentation could unintentionally include internal architecture, deployment details, business-process notes, or secrets if those are present in the selected repositories.
Recommendation: Run it only on an intended repository root, exclude secrets and sensitive directories, and review the generated documentation before sharing or committing it.