GitHub README Generator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a simple README generator, but users should know it overwrites README.md and may insert the local Git user name.
This skill looks safe for its stated purpose, but run it only in the project directory where you want README.md created or replaced. Commit or back up any existing README first, and review the generated Author section and output file before publishing.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the generator in a project with an existing README.md can replace that file.
The script unconditionally writes to README.md in the current directory, which is expected for a README generator but can overwrite an existing README without an explicit confirmation or backup step.
echo "$CONTENT" > README.md
Run it in the intended directory only after backing up or committing any existing README.md.

A user may think they are writing to a chosen path while the tool actually modifies README.md in the current directory.
The documentation advertises an output-path option, but the included script always writes to README.md and does not parse this flag, so users may expect behavior the artifact does not implement.
`--output, -o` : Output file path
Review the generated file location and do not rely on the documented --output option unless the script is updated to support it.

Your configured Git name may be included in the README and later published if you commit or share it.
The script reads the local Git user name and uses it as the README author value, which is purpose-aligned but can disclose a local identity in generated project documentation.
GIT_NAME=$(git config user.name 2>/dev/null || echo "")
Review the Author section before publishing the generated README.

Users may need to wire up or run the script manually, increasing the chance of confusion about what command is actually being executed.
The artifact includes a shell script and documents a github-readme-generator command, but no install spec explains how that command is installed or invoked.
No install spec — this is an instruction-only skill.
Inspect the included shell script and invoke it explicitly or add a clear install wrapper before use.
