Skill v1.0.0

ClawScan security

README Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 15, 2026, 6:48 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions and requirements are coherent with its stated purpose (analyzing project files to generate a README) and it does not request extra credentials, installs, or persistent privileges.
Guidance
This skill appears to do what it says: scan files in a repository and generate a README. Before installing or running it, confirm the agent will only be given access to the project directory (so it doesn't read unrelated files), back up any existing README (or choose README.generated.md) as the instructions suggest, and ensure the repository does not contain secrets you wouldn't want read by the agent. Also verify how your agent implements filesystem access and whether it will actually prompt before overwriting files in your environment.

Review Dimensions

Purpose & Capability
ok
The name/description (README generator) matches the actions in SKILL.md: inspecting manifests, source files, CI, Dockerfiles, and producing a README. There are no unrelated credentials, binaries, or configuration paths requested.
Instruction Scope
ok
Runtime instructions explicitly direct the agent to read repository files and run simple directory-listing commands (find / Get-ChildItem) and to write README.md (with a confirmation step described). These actions are within scope for generating a README. The skill does not instruct the agent to read unrelated system files, environment variables, or post data to external endpoints.
Install Mechanism
ok
No install spec or code files are present (instruction-only). Nothing is downloaded or written to disk by an installer, so install risk is minimal.
Credentials
ok
The skill declares no required env vars, credentials, or config paths. The SKILL.md does not attempt to access environment secrets beyond inferring configuration from repository files.
Persistence & Privilege
ok
"always" is false and the skill does not request or modify other skills' configs or system-wide agent settings. It asks to write README.md in the project root but specifies asking before overwriting.