ClawHub

Zip

v3.0.1

Compress, extract, list, and encrypt ZIP archives in batch. Use when archiving files, extracting packages, listing contents, encrypting backups, or batching.

0· 372·1 current·1 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (compress, extract, list, encrypt ZIPs) align with the provided script. The script requires zip/unzip at runtime (checked by check_deps), which is appropriate and expected for the stated functionality.
Instruction Scope
Instructions are limited to running the included scripts/script.sh which only operates on local files and uses standard tools (zip, unzip, grep, awk, stat, du). No network endpoints or unrelated system paths are referenced. Note: the password command accepts the ZIP password as a command-line argument, which exposes it to process listings and shell history—this is a security concern for secrets handling (not a coherence issue).
Install Mechanism
No install spec is provided (instruction-only plus a shipped script). Nothing is downloaded or written to disk by an installer; the single script runs using system binaries. This is low risk and proportionate.
Credentials
The skill requests no environment variables or credentials (appropriate). However, the 'password' command requires a plaintext password argument; that design leaks secrets via process arguments and shell history and uses zip's -P which offers weak ZipCrypto encryption—considered a security hygiene note.
Persistence & Privilege
always is false, no special persistence or modification of other skills or global agent settings. The skill is user-invocable and may be called autonomously (platform default), which is expected.
Assessment
This skill appears to do exactly what it says: local ZIP operations using zip/unzip. Before installing: ensure you have zip/unzip available. Do not pass sensitive passwords on the command line (avoid zip password <pass>); instead use interactive/more secure mechanisms or external encrypted key stores because command-line arguments are visible to other users and may be recorded in shell history. Be aware that zip -P uses legacy ZipCrypto which is weak—use stronger encryption tools if protecting highly sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ky0m7r5dnmbabg5m4cmge9836ehe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments