Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Technical Doc Generator
v1.0.0
Generate professional technical documentation from codebases — API docs, READMEs, architecture diagrams, changelogs, and onboarding guides. Use when writing docs, creating API documentation, or delivering documentation projects.
by Sean Wyngaard (@seanwyngaard)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
The name and description (generate README, API docs, architecture, changelog, onboarding) align with the SKILL.md instructions (scan repo files, detect frameworks, parse git history, generate docs). The allowed tools (Read, Write, Edit, Grep, Glob, Bash) are appropriate for repository scanning and document generation.
Instruction Scope
The instructions are focused on files typically found in a codebase (package.json, pyproject.toml, requirements.txt, go.mod, migrations, models, .env.example, LICENSE, git history). They do not instruct reading system config or external secrets. However, the runtime wording is open-ended ('scan the project', 'detect environment variables') and the skill is permitted to run Bash — so the agent could read any files under the provided path. Users should avoid passing overly broad paths (e.g., / or home) or repositories containing secrets.
Install Mechanism
There is no install spec and no code files; this is instruction-only. That minimizes disk writes and third-party downloads. The SKILL.md implies use of repo-local commands (git, parsing package files) but does not require external installers.
Credentials
The skill declares no required environment variables, credentials, or config paths. The documented behavior (detecting env var names used in the code, reading .env.example) is consistent with documentation generation and does not require access to secrets or external credentials.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges or modification of other skills. Autonomous invocation is permitted by default but not excessive here; nothing in the manifest indicates it will persist or escalate privileges.
Assessment
This skill appears coherent and focused on scanning a codebase to produce docs. Before running it: (1) run it only on repositories you control or on a copied/sanitized snapshot — don't point it at / or your home directory; (2) avoid giving it repos that contain secrets or credentials (it may read .env.example or any file in the path); (3) if you want to limit risk, run in a sandboxed environment with no network access so it cannot fetch external resources; (4) verify generated outputs before publishing (it may infer authentication or configuration details that you should confirm). If you need absolute assurance, ask the skill author for explicit required binaries (e.g., git) and a more constrained instruction set.
Like a lobster shell, security has layers — review code before you run it.
