API Docs Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to be a local API documentation generator with no evidence of credential use, networking, persistence, or destructive behavior.
This looks safe to install from the provided artifacts. Before using it, note that the actual command setup is not clearly defined, and the included script appears to generate a static sample OpenAPI JSON file rather than fully parsing source code as described.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may need to verify how the included command or script is meant to be run before relying on it.
The skill documentation shows CLI usage and the package includes a shell script, but the registry does not define how that command is installed or invoked. This is an installation clarity issue, not evidence of malicious behavior.
No install spec — this is an instruction-only skill.
Confirm the intended invocation method and review the small included shell script before using it in a project directory.