Back to skill
Skillv2.0.0
ClawScan security
Readme Template · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 17, 2026, 7:02 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill does what it says — generates README markdown templates — and its files and behavior are consistent and proportionate with that purpose.
- Guidance
- This skill is coherent with its README-generator purpose. Before running: (1) note that scripts/script.sh will create and write files under ~/.local/share/readme-template by default (you can override with README_TEMPLATE_DIR), so review or run it in a sandbox if you prefer; (2) the template generator uses embedded python printing static markdown — it does not call external endpoints or require credentials; (3) if you only want to generate README content, run scripts/readme-template.sh with the desired template argument; (4) as always, inspect scripts you download and avoid running unreviewed code with elevated privileges.
Review Dimensions
- Purpose & Capability
- okName/description match the contained scripts. The provided scripts generate README templates (various styles) using embedded Python and a small shell utility; no unrelated services, credentials, or binaries are requested.
- Instruction Scope
- noteSKILL.md instructs running scripts/readme-template.sh to produce markdown templates, which is appropriate. The repository also contains scripts/script.sh — a lightweight local utility that creates a data directory (default ~/.local/share/readme-template) and writes logs/data files; this behavior is plausible for a local utility but is not documented in SKILL.md. The scripts do not read system secrets or make network requests; they only write to the user data directory and print output.
- Install Mechanism
- okNo install spec or external downloads. The skill is instruction-only with included scripts, so nothing is fetched from untrusted URLs and no archives are extracted.
- Credentials
- okNo credentials or required environment variables. The shell utility honors README_TEMPLATE_DIR, XDG_DATA_HOME, and HOME to locate its data directory — standard, expected behavior and proportional to storing local logs/data.
- Persistence & Privilege
- okalways:false and normal model invocation. The only persistence is writing into a per-user data directory under ~/.local/share/readme-template (or an overridden README_TEMPLATE_DIR). The skill does not modify other skills or system-wide agent settings.