Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Create Harness Docs

v2.0.0

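Intelligently analyzes the project structure and automatically creates a documentation system that meets Harness Engineering requirements. Supports many project types, including Spring Boot, React, Vue, NestJS, Express, Django, FastAPI, and Go.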

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description promise to detect project types and create documentation; the included script implements project-type detection (package.json, pom.xml, go.mod, manage.py, etc.), scans source folders, and generates docs/ and CI/workflow files. Required resources (none) align with this purpose.
Instruction Scope
SKILL.md instructs running the bundled node script with flags like --init/--agents/--validate. The script performs local operations: reading project files, scanning directories, running find via execSync, creating directories and writing documentation and CI/test files. This stays within the claimed scope, but be aware it will modify the repository (create docs/, .github/workflows/, tests, etc.).
Install Mechanism
There is no install spec; this is instruction-only plus one bundled Node script. Nothing is downloaded or executed from remote URLs. No package installs or external installers are invoked by the skill itself.
Credentials
The skill declares no environment variables, no credentials, and does not attempt to read config paths outside the project. It does not request secrets or unrelated external access — its filesystem access is proportional to its purpose.
Persistence & Privilege
always:false (default) and normal autonomous invocation settings. The skill does write files into the current project (docs, workflows, tests) which is expected behavior; it does not request persistent system-wide privileges or modify other skills' configs.
Assessment
This skill appears internally consistent, but it will write files and run shell commands inside the repository you run it in. Before running: (1) review the script (scripts/create-harness-docs.js) yourself to confirm you accept the exact changes; (2) run it first in a copy/branch or test repo (or use the smaller flags like --agents) so you can inspect generated files; (3) back up or commit your repo before running; (4) note there are execSync/find calls and filesystem writes — if you need absolute assurance of no network activity, inspect the full script for fetch/HTTP calls (none were detected in the provided portion). If you want extra safety, run the script inside a disposable container or CI job so changes are contained.
scripts/create-harness-docs.js:344
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.
