Readme Template
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a local README template generator with no credentials or network access, though it includes an extra helper script that can write local logs.
This looks safe to use for generating README templates if you are comfortable running a local shell/Python script. Prefer the documented scripts/readme-template.sh commands, avoid putting secrets in command arguments, and review the installed files if you plan to use the extra scripts/script.sh helper.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may execute a local script to generate output; the reviewed visible behavior prints Markdown templates.
The documented workflow runs an included local shell script. This is expected for a local README generator, but users should recognize it is code execution rather than text-only prompting.
bash scripts/readme-template.sh standard myproject
Run it only from the installed skill directory and review the generated README content before saving or publishing it.
If a user or agent invokes the extra helper directly, they may get behavior beyond README template generation.
This included helper exposes a generic utility/data command set that is not part of the documented README-template usage in SKILL.md. It is not shown as auto-invoked and has no network or destructive behavior, so this is a package-coherence note rather than a concern.
# readme-template - Multi-purpose utility tool ... Commands: run config status init list add remove search export
Document or remove the extra helper if it is not intended to be part of the skill, and use the documented readme-template.sh commands for README generation.
Command arguments passed to that helper could remain in local history/data files, including any sensitive text a user accidentally provides.
If the extra helper is run, it creates persistent local files and logs command arguments. This local persistence is not described in the README-template workflow.
DATA_DIR="${README_TEMPLATE_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/readme-template}"
DB="$DATA_DIR/data.log"
mkdir -p "$DATA_DIR"
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }Avoid passing secrets to the helper script, and clear or avoid the data directory if local command history is not desired.