Batch File Processor
v1.0.0Parallel batch processing of large file sets using sub-agents (summarize, analyze, extract, transform). Use when performing the same operation across many fi...
⭐ 0· 142·0 current·0 all-time
by@ddpie
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the instructions: the SKILL.md explains batching, sub-agents, and file summaries. The skill does not declare required environment variables or config paths, yet the runtime instructions assume access to the host filesystem and a sub-agent/session API. This omission is a declaration gap (not necessarily malicious) — the skill legitimately needs file-read and sub-agent capabilities but doesn't state them explicitly.
Instruction Scope
Instructions explicitly tell sub-agents to 'Read the following files completely' and use shell find to enumerate files. That is coherent for summarization/analysis, but it means the skill will read full file contents (which can include secrets). There are no instructions requiring other unrelated data sources, network exfiltration endpoints, or environment variables. The guidance lacks safeguards (allowlist/denylist, size limits, or redaction) which raises privacy risk if run against sensitive directories.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk or downloaded during install. This is the lowest-risk install model.
Credentials
The skill requests no credentials or env vars in metadata, which is appropriate. However, it implicitly requires permission to read arbitrary files and to spawn/collect sub-agents (sessions_yield). Ensure those implicit privileges are minor and scoped; otherwise the ability to read many files could expose sensitive data.
Persistence & Privilege
always is false and the skill does not request persistent/privileged presence or claim to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill is coherent with its stated purpose but you should confirm runtime permissions before using it: only run it on directories you trust, or configure an allowlist of paths and file types. Verify your agent platform supports spawning sub-agents and that sessions_yield behavior is safe and rate-limited. Consider testing on non-sensitive sample files first, set size/time limits (the template mentions timeouts), and avoid running it with elevated privileges or against folders containing secrets (keys, credentials, etc.). If possible, add explicit safeguards (path allowlist/denylist, max file size, redaction rules) before processing large or sensitive file sets.Like a lobster shell, security has layers — review code before you run it.
latestvk97czdafkh0trj4k1qfv94yqh583ce4v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.