Makefile Generator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a simple local Makefile generator, but the included script is Node/npm-only and can overwrite a project Makefile.

Before installing or running it, confirm you are in the correct project directory, preserve any existing Makefile, and inspect the generated targets. The skill looks benign but currently appears suitable only for Node/npm projects.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user requesting a Python or Go Makefile may get an unsuitable Node/npm Makefile instead.

Why it was flagged

The implementation always writes Node/npm Makefile targets and does not use the selected language, while the skill description advertises Node.js, Python, and Go support.

Skill content

LANG="${1:-node}"

cat > Makefile << 'MK'
.PHONY: install test build clean dev

install:
	npm install

Recommendation

Review the generated Makefile before use, especially for non-Node projects.

What this means

An existing Makefile could be overwritten, and running `make clean` could delete dependency/build folders.

Why it was flagged

Running the script writes directly to `Makefile`, and the generated `clean` target removes `node_modules` and `dist` when invoked. This is purpose-aligned but can affect local project files.

Skill content

cat > Makefile << 'MK'
...
clean:
	rm -rf node_modules dist

Recommendation

Back up or inspect any existing Makefile before generating, and only run generated targets after confirming they match the project.