Fzf Fuzzy Finder
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you copy and run these examples carelessly, you could delete files you did not intend to delete.
The skill documents using fzf selections as input to file deletion. This is disclosed and user-directed, but a mistaken selection could remove local files.
fzf -m | xargs rm
Use safer variants such as previewing selections first, adding confirmation prompts, or replacing destructive commands with echo/dry-run checks before running them.
Running this against the wrong cluster or namespace could disrupt workloads.
The Kubernetes example can delete selected pods using the user's configured kubectl permissions. This fits the integration-example purpose but is high-impact if run against important environments.
kubectl get pods | fzf -m | awk '{print $1}' | xargs kubectl delete podConfirm the current Kubernetes context and namespace before running destructive kubectl examples, and prefer commands that show the selected resources before deletion.
Selecting the wrong history entry could rerun a destructive or sensitive command.
The suggested alias runs a selected command from shell history through sh -c. This is an explicit, user-added convenience alias, but it can execute arbitrary historical commands.
alias fh='history | fzf | awk "{print \$2}" | xargs -I {} sh -c "{}"'Avoid adding this alias unless you understand it, or modify it to print the command for confirmation before execution.
Shell key bindings and aliases may remain active after setup and affect later terminal sessions.
The skill recommends adding fzf shell integration to persistent shell startup files. This is disclosed and normal for shell integrations, but it changes future shell behavior.
After installing, add to ~/.bashrc or ~/.zshrc:
Only add shell configuration lines you want to keep, and remove them from your shell startup file if you no longer use the integration.
You are trusting your package manager's fzf package and update channel.
The skill depends on installing the external fzf package through a package manager. This is expected for the stated purpose, but the installed binary comes from the package source.
brew | formula: fzf | creates binaries: fzf
Install fzf from a trusted package manager or verify the upstream project before installation.