Skill v1.0.0
ClawScan security
API Documentation Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 23, 2026, 2:12 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's runtime instructions for producing API docs are reasonable, but the package claims to 'auto-generate ... from code' while providing no mechanism to access source code (no install, no file access guidance, no env/config requirements). Clarify how code is provided before trusting it.
- Guidance: This skill is instruction-only and safe from install-time execution, but it claims to auto-generate docs 'from code' without any mechanism to access your repository. Before installing or using it: (1) Ask the skill author how the agent is expected to obtain source code (upload, paste, repo clone, file path). (2) If you must paste code into the agent, avoid including secrets (API keys, credentials, private tokens); test first with non-sensitive samples. (3) Prefer using it interactively (user-invoked) rather than allowing autonomous runs, since autonomous operation combined with unclear code-access behavior could prompt credential disclosure. (4) If you need automated repo scanning, prefer a tool that explicitly documents how it accesses repos and what permissions it requires.
Review Dimensions
- Purpose & Capability (note): Name/description promise: 'Auto-generates ... from code'. What is delivered: an instruction-only SKILL.md that tells the agent how to format documentation but does not say how to obtain or analyze the user's codebase (no guidance to read files, clone repos, or accept a code path). This is an incoherence: a tool that claims to operate on code would normally require repository/file access or explicit instructions to prompt the user for code.
- Instruction Scope (note): The SKILL.md gives a bounded and appropriate formatting checklist (endpoints, auth, schemas, examples) and specifies output format (OpenAPI/Swagger-compatible markdown). It does not instruct the agent to read arbitrary system files, environment variables, or to contact external endpoints. However, it is vague about where endpoint information comes from (implies code input but doesn't describe how to obtain it).
- Install Mechanism (ok): No install spec and no code files; lowest-risk instruction-only skill. Nothing will be written to disk or automatically installed by the skill itself.
- Credentials (ok): No environment variables, credentials, or config paths are requested. This is proportionate to the visible instructions, though it reinforces the mismatch: if the skill truly needed automated access to a repository it would typically request repo credentials or a path.
- Persistence & Privilege (ok): always is false and there are no persistence or privilege escalations declared. The skill does not request ongoing presence or system-level configuration changes.
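The four dimensions above (capability claim versus code-access instructions, install spec, requested env vars, and the always flag) can be pre-screened locally before a skill is installed. The script below is an added example written for this page, not ClawHub's scanner; it assumes a SKILL.md layout with a frontmatter block holding `name`, `description`, `always`, and a `metadata` field containing a JSON object with `openclaw.install` and `openclaw.requires.env`. That layout, the keyword lists, and the sample SKILL.md are assumptions constructed for the demo; the sample mirrors what this review describes (a 'from code' promise with no install, no env and always false).

```python
"""Local pre-screen for a SKILL.md, mirroring the review dimensions on this page.
Added example, not ClawHub's scanner. The frontmatter layout (top-level `always`,
`metadata` as a JSON object with `openclaw.install` and `openclaw.requires.env`)
is an assumption about the skill format, not something this page documents."""
import json
import re

# Constructed sample matching the reviewed skill: a promise to work "from code",
# no install spec, no env requirements, always: false.
SAMPLE_SKILL_MD = """---
name: api-doc-generator
description: Auto-generates API documentation from code.
always: false
metadata: {"openclaw": {}}
---
# API Documentation Generator
For each endpoint list method, path, auth requirements, request/response schemas
and an example. Emit OpenAPI/Swagger-compatible markdown.
"""

# Words in a description that imply the agent operates on the user's code.
CLAIMS = re.compile(r"\b(from code|auto-?generat\w*|analy[sz]e\w*|scan\w*)\b", re.I)
# Phrases in the body that say how that code is actually obtained.
ACCESS_CUES = re.compile(
    r"\b(read|clone|repository|repo|codebase|paste|upload|working directory|source tree)\b", re.I)


def parse_skill_md(text: str):
    """Split a one-key-per-line frontmatter block from the markdown body."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        raise ValueError("no frontmatter block")
    fm = {}
    for line in m.group(1).splitlines():
        key, _, value = line.partition(":")
        fm[key.strip()] = value.strip()
    if "metadata" in fm:
        fm["metadata"] = json.loads(fm["metadata"])  # assumption: metadata is a JSON object
    return fm, m.group(2)


def review(text: str):
    """Return {dimension: (status, note)}; status is 'ok' or 'note' as on this page."""
    fm, body = parse_skill_md(text)
    oc = (fm.get("metadata") or {}).get("openclaw", {})
    out = {}

    # Purpose & Capability: a claim to operate on code needs a stated way to get it.
    claims = CLAIMS.findall(fm.get("description", ""))
    cues = ACCESS_CUES.findall(body)
    if claims and not cues:
        out["purpose"] = ("note", f"description claims {claims} but the body never says how code is obtained")
    else:
        out["purpose"] = ("ok", "capability claim and instructions are consistent")

    # Install Mechanism: anything here runs or writes to disk at install time.
    install = oc.get("install", [])
    out["install"] = (("note", f"install spec present: {install}") if install
                      else ("ok", "instruction-only, nothing written to disk"))

    # Credentials: requested env vars should be proportionate to the instructions.
    env = oc.get("requires", {}).get("env", [])
    out["credentials"] = (("note", f"requests env vars {env}") if env
                          else ("ok", "no env vars or credentials requested"))

    # Persistence: always=true means the skill is loaded into every session.
    always = fm.get("always", "false").lower() == "true"
    out["persistence"] = (("note", "always is true: standing presence in every session") if always
                          else ("ok", "always is false, no standing presence"))
    return out


if __name__ == "__main__":
    for dim, (status, note) in review(SAMPLE_SKILL_MD).items():
        print(f"{dim}: {status} - {note}")
```

On the sample this reports exactly the page's split: purpose flagged, the other three dimensions ok. It is a keyword heuristic, so treat a "note" as a prompt to read the SKILL.md yourself rather than as a verdict; in particular a body that mentions a repository only in passing will satisfy the access-cue check.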
