Technical Doc Generator
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign documentation helper, but it can read and write within the chosen codebase and may capture internal architecture or configuration details in generated docs.
This skill looks reasonable for generating docs from a codebase. Use it on a deliberate project path, keep the project under version control, inspect the generated files, and remove any sensitive configuration, architecture, or internal service details before publishing.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong directory, it could read or modify more project files than intended.
The skill can inspect, modify, search, and run commands in the selected codebase. This is expected for documentation generation, but it is still broad local authority.
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
Run it from a version-controlled project directory, pass an explicit path when possible, and review generated diffs before committing or sharing.
Generated docs could expose internal design or configuration details to readers who receive the documentation.
The generated documentation may persist summaries of configuration, environment variable names, architecture, database schema, and dependencies. This is aligned with the skill purpose, but those details may be sensitive if the docs are shared externally.
Configuration: [Detected from .env.example, config files, environment variables in code]
Review generated documentation for secrets, internal URLs, sensitive architecture details, and environment-specific values before publishing or sending it to clients.