Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI README Manager
v1.3.3
Manages AI_README.md files so AI agents remember your project conventions across every session
by Draco.Cheng (@draco-cheng)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (manage AI_README.md files and provide project conventions) align with the provided tools (get_context_for_file, init/update/compress/discover) and the declared install package (ai-readme-mcp). There are no unrelated env vars or binaries requested.
Instruction Scope
Runtime instructions are narrowly scoped to reading/updating AI_README files and to always call get_context_for_file before code tasks. They also instruct editing ~/.openclaw/openclaw.json and registering an MCP server (openclaw mcp set), which is part of setup but introduces broader filesystem and config changes than the skill metadata documents.
Install Mechanism
Installation/setup relies on running 'npx -y ai-readme-mcp@1.3.3' (a dynamic npm fetch+execute). npx will download and execute package code under your user account at runtime — a moderate-to-high risk install mechanism because it executes third-party code not included in the skill bundle. The SKILL.md points to a GitHub homepage, which helps with vetting, but the runtime fetch still requires you to trust the npm package contents.
Credentials
Metadata declares no required config paths or env vars, yet the instructions explicitly tell you to edit ~/.openclaw/openclaw.json to register an MCP server. This is an inconsistency: the skill will modify a user config file and create a persistent server entry, which is not declared in requires.configPaths. Also, running the MCP (npx package) will run with your environment/FS access — the risk depends on what secrets or files are present in that environment.
Persistence & Privilege
always:false (normal), but the recommended setup instructs adding a persistent MCP server entry to your OpenClaw config. That makes the package runnable by the platform over time. Autonomous invocation is allowed by default; combined with the install mechanism (remote npm execution) this increases the blast radius compared to a purely instruction-only skill.
What to consider before installing
Before installing:
1) Inspect the npm package and its GitHub repo (ai-readme-mcp@1.3.3). Do not blindly run 'npx -y' — npx fetches and executes code with your privileges.
2) Back up ~/.openclaw/openclaw.json and review any config changes the skill would make.
3) Consider installing and running the package in an isolated environment (container or VM) first, or download the package tarball (npm pack) and audit its contents.
4) Ensure no sensitive environment variables or credentials are present when you first run the MCP.
5) If you proceed, pin the exact package version and monitor the MCP entry; remove it if you see unexpected behavior.
The main incoherence to be aware of: the SKILL.md requires editing your OpenClaw config and running remote code, but the skill metadata does not declare that config path — verify and audit the package before trusting it.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
📋 Clawdis
Install
Node
Bins: ai-readme-mcp
npm i -g ai-readme-mcp