Technical Doc Generator

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill

Name: technical-doc-generator

Version: 1.0.0

The skill is classified as suspicious primarily due to the explicit inclusion of `Bash` in the `allowed-tools` list within `SKILL.md`. While the instructions themselves do not contain overtly malicious commands or prompt injection attempts, the ability to execute arbitrary shell commands (`Bash`) combined with broad file system access (reading codebases, config files like `.env.example`) presents a significant vulnerability. This capability could be exploited for remote code execution, data exfiltration, or other harmful actions if the agent's behavior is manipulated via prompt injection or if the skill were used by a malicious actor.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked on the wrong directory, it could read or modify more project files than intended.

Why it was flagged

The skill can inspect, modify, search, and run commands in the selected codebase. This is expected for documentation generation, but it is still broad local authority.

Skill content

allowed-tools: Read, Write, Edit, Grep, Glob, Bash

Recommendation

Run it from a version-controlled project directory, pass an explicit path when possible, and review generated diffs before committing or sharing.

What this means

Generated docs could expose internal design or configuration details to readers who receive the documentation.

Why it was flagged

The generated documentation may persist summaries of configuration, environment variable names, architecture, database schema, and dependencies. This is aligned with the skill purpose, but those details may be sensitive if the docs are shared externally.

Skill content

Configuration: [Detected from .env.example, config files, environment variables in code]

Recommendation

Review generated documentation for secrets, internal URLs, sensitive architecture details, and environment-specific values before publishing or sending it to clients.