ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub README Generator

v1.0.0

Generate beautiful, professional GitHub README files for your projects. Supports multiple templates, languages, and customization options.

0· 340·4 current·4 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided assets: SKILL.md documents a README generator and the repository includes a .sh script that generates README.md from templates and inputs. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions are limited to generating README content and invoking the included shell script. The script only reads .git/user.name (if present) to populate author name and writes README.md in the current directory. It does not send data to external endpoints or read unrelated system files. Note: placeholder replacement uses sed with unescaped user input, which can mis-handle certain characters (e.g., slashes) — a robustness issue, not evidence of malicious scope creep.
Install Mechanism
No install spec or remote downloads; the skill is instruction-only with an included shell script. Nothing is fetched from external URLs or installed automatically.
Credentials
No required environment variables or credentials. The script optionally respects AUTHOR_NAME if set and reads git config user.name locally; both are reasonable and proportional to the stated purpose.
Persistence & Privilege
Skill does not request persistent presence (always is false), does not modify other skills or system-wide agent settings, and performs only local file output (README.md).
Assessment
This skill appears to do what it says: it runs a local shell script that writes README.md from templates and may read your local .git user.name. Before installing/running: (1) review the included github-readme-generator.sh (you already have it) and ensure you trust the author, (2) run it in a safe directory because it will overwrite README.md, (3) be aware the script uses simple sed substitutions that may behave oddly if your project name or description contain unusual characters (slashes, braces), and (4) no credentials or network calls are requested by the skill, so there is low risk of secret exfiltration. If you want extra safety, run the script in a disposable repo or review/modify it to sanitize inputs before use.

Like a lobster shell, security has layers — review code before you run it.

documentationvk97et5jhv7rb8769f2fnr80eg1824c8fgeneratorvk97et5jhv7rb8769f2fnr80eg1824c8fgithubvk97et5jhv7rb8769f2fnr80eg1824c8flatestvk97et5jhv7rb8769f2fnr80eg1824c8freadmevk97et5jhv7rb8769f2fnr80eg1824c8f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis

Comments