Tar
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward tar archive helper; it can read and write local archive files, so use it only on intended paths and trusted archives.
This skill appears safe for normal archive management. Before installing or invoking it, confirm the needed local tools exist and be careful with extract/add/create paths, especially for untrusted archives or directories containing sensitive files.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is directed to extract or add the wrong archive or path, it may create, overwrite, or bundle local files.
The script invokes the local tar tool on user-supplied archive and file paths to create, extract, and append archive contents. This is purpose-aligned, but it can change local files.
tar -c${compress}vf "$archive" "$@" ... tar -x${compress}vf "$archive" -C "$outdir" ... tar -rvf "$archive" "$@"Review archive and output paths before create, extract, or add operations; list or verify untrusted archives first and extract them into an empty temporary directory.
The skill may fail or behave differently on systems without the expected Unix tools or compatible command variants.
The script declares local tool requirements, while the supplied registry metadata lists no required binaries. This is an under-declared dependency issue rather than hidden behavior.
Requires: tar, file
Ensure bash, tar, file, and standard Unix utilities are available before use; the publisher should declare these runtime requirements in metadata.