Auto Doc Index
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a purpose-aligned local documentation index generator, with only low-risk notes around local README rewrites, the npx/tsx runner, and generated README content.
This looks safe to consider for documentation repositories. Before installing or using it, run the generator manually first, pin or locally install the tsx runner, verify the README markers, and review the resulting diff—especially if document files come from multiple contributors.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the generator can change README.md files in the project.
The template performs the intended local mutation by rewriting README index content after scanning documentation files.
injectIndex(join(dir, 'README.md'), table); ... writeFileSync(readmePath, updated, 'utf-8');
Run it in a version-controlled workspace, verify the marker placement, and review the generated diff before committing.
If tsx is not already installed or pinned, npx may resolve an external package at run time.
The documented run path uses npx/tsx even though no required binaries or install spec are declared.
npx tsx scripts/generate-doc-index.ts all
Install or pin tsx as a trusted project dev dependency, or run the script with a known local toolchain.
If untrusted contributors can edit document metadata, they could place misleading Markdown text into the generated index.
Metadata from Markdown files is copied directly into a generated README table, which may become persistent shared context for people or agents.
`| ${e.num} | [${e.title}](${e.file}) | ${e.status} | ${e.date} |`Treat source document metadata as reviewable content and consider escaping table delimiters or validating fields in shared repositories.