ClawHub

Shadows Doc Forge

v1.1.0

Auto-documentation generator — analyzes code and generates README, API docs, architecture docs, inline comments. Use when documentation is missing or outdated.

0· 261·0 current·0 all-time
by@nakedoshadow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (auto-documentation) match the instructions: the skill only reads source files, analyzes code structure, and writes markdown docs. It does not request unrelated binaries, cloud credentials, or system config paths.
Instruction Scope
The SKILL.md explicitly instructs the agent to list directories, read entry points/configs, analyze code, and write new markdown files. That is appropriate for a doc generator. One minor caution: the instructions are broad about "scan the project structure" and "read configs" — in practice that means the agent will read any files in its workspace, which could include sensitive config files if they exist. The skill states it will not execute code or make network calls; that is consistent, but 'verify every code example and function signature' is ambiguous about whether verification is purely static.
Install Mechanism
Instruction-only skill with no install spec and no code files. No packages or downloads are performed, so there is no install-time risk.
Credentials
No environment variables, credentials, or config paths are required or declared. The SKILL.md does not reference any secrets or external tokens.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It writes generated docs as new files alongside source (expected behavior) and does not claim to modify existing source or other skills' configurations.
Assessment
This skill appears coherent for generating documentation. Before installing or invoking it, confirm that the agent will be restricted to the intended repository/workspace so the skill cannot read unrelated sensitive files (e.g., .env, private keys). Review generated docs before committing them. Note the skill metadata shows no verified source/homepage in the registry (SKILL.md contains an internal homepage string), so if provenance matters, ask the publisher for an authoritative source or audit the agent's runtime logs to ensure it does not execute code or call external endpoints despite the SKILL.md claim.

Like a lobster shell, security has layers — review code before you run it.

latestvk974gz2qe6p3x6f4cw6b5aet8n82efr0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
OSmacOS · Linux · Windows

Comments