Tar Tool
Pass
Audited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill
Name: tar-tool
Version: 1.0.0

The script `scripts/tar.py` calls `tarfile.extractall()` without any path validation or sanitization. This is a known vulnerability class (Tar Slip, the tar form of Zip Slip) in which a specially crafted archive performs path traversal and overwrites arbitrary files on the host system. While the tool's functionality aligns with its description in `SKILL.md`, the absence of safety checks at extraction makes the skill high-risk to use on any archive the agent did not create itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Extracting an untrusted archive could overwrite project files, configuration files, or other local files accessible to the agent.

The code extracts all archive members into the current working directory without an explicit destination, path validation, extraction filter, or overwrite controls. A malicious tar archive can carry members with absolute names, `..` components, or symlink and hard-link targets that point outside the destination. On Python runtimes without the PEP 706 extraction filter (the `filter` argument to `extractall()`, added in 3.12 and backported to 3.8.17, 3.9.17, 3.10.12 and 3.11.4), and on 3.12 and 3.13 where that filter exists but is not applied by default, `extractall()` follows such paths and writes or overwrites files outside the intended directory.

```python
with tarfile.open(args.file, 'r:*') as t:
    t.extractall()
```

Only extract trusted archives, and do so in a temporary sandbox directory. The skill should implement safe extraction by validating member paths, rejecting absolute or parent-directory paths and links that resolve outside the destination, passing `filter="data"` to `extractall()` where the runtime supports it, and requiring user confirmation before overwriting existing files.
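The following is an added example, not code from the tar-tool skill or from ClawScan, showing the checked extraction the remediation describes beside the kind of archive it defends against. `UnsafeMemberError`, `check_member`, `safe_extractall`, `audit_archive`, `demo` and the two sample archives are this example's own names; the archives are constructed in memory so the code runs offline and never writes outside a scratch directory.

```python
# Added example, not code from the tar-tool skill: a checked replacement for the
# bare t.extractall() flagged above. UnsafeMemberError, check_member,
# safe_extractall and the sample archives are this example's own names.
import io
import os
import tarfile
import tempfile
from pathlib import Path

class UnsafeMemberError(Exception):
    """An archive member that could write outside the destination directory."""

def _within(base: Path, target: Path) -> bool:
    """True if target, after resolving symlinks and '..', stays under base."""
    try:
        target.resolve().relative_to(base.resolve())
        return True
    except ValueError:
        return False

def check_member(dest: Path, m: tarfile.TarInfo) -> None:
    """Reject absolute names, '..' components, escaping links and special files."""
    if not m.name or os.path.isabs(m.name):
        raise UnsafeMemberError(f"absolute or empty path: {m.name!r}")
    if ".." in Path(m.name).parts:
        raise UnsafeMemberError(f"parent-directory component: {m.name!r}")
    target = dest / m.name
    if not _within(dest, target):
        raise UnsafeMemberError(f"escapes destination: {m.name!r}")
    if m.issym() or m.islnk():
        # Symlink targets are relative to the link's directory, hard-link targets
        # to the archive root; an absolute target replaces the base on join and
        # therefore fails the same containment check.
        link = target.parent / m.linkname if m.issym() else dest / m.linkname
        if not _within(dest, link):
            raise UnsafeMemberError(f"link escapes destination: {m.name!r} -> {m.linkname!r}")
    elif not (m.isfile() or m.isdir()):
        raise UnsafeMemberError(f"device, fifo or unknown member type: {m.name!r}")

def audit_archive(tar_bytes: bytes, dest) -> dict:
    """Map each member name to None (accepted) or the reason it was rejected."""
    report = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as t:
        for m in t.getmembers():
            try:
                check_member(Path(dest), m)
                report[m.name] = None
            except UnsafeMemberError as e:
                report[m.name] = str(e)
    return report

def safe_extractall(tar_bytes: bytes, dest) -> list:
    """Check every member before writing anything, then extract into dest."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as t:
        members = t.getmembers()
        for m in members:
            check_member(dest, m)
        # PEP 706 'data' filter (3.12+ and the backports) re-checks paths inside
        # tarfile and drops setuid/setgid bits; it is only the default from 3.14.
        if hasattr(tarfile, "data_filter"):
            t.extractall(dest, members=members, filter="data")
        else:
            t.extractall(dest, members=members)
    return [m.name for m in members]

def _add(t, name, data=b"", kind=tarfile.REGTYPE, linkname=""):
    info = tarfile.TarInfo(name)
    info.type, info.size, info.linkname = kind, len(data), linkname
    info.mode = 0o755 if kind == tarfile.DIRTYPE else 0o644
    t.addfile(info, io.BytesIO(data) if kind == tarfile.REGTYPE else None)

def build_malicious_tar() -> bytes:
    """Constructed sample: one benign file plus three classic tar-slip members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        _add(t, "README.txt", b"benign\n")
        _add(t, "../escape.txt", b"owned\n")                     # parent traversal
        _add(t, "/tmp/abs.txt", b"owned\n")                      # absolute name
        _add(t, "out", kind=tarfile.SYMTYPE, linkname="../../")  # symlink out of dest
    return buf.getvalue()

def build_benign_tar() -> bytes:
    """Constructed sample that should extract cleanly."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        _add(t, "docs", kind=tarfile.DIRTYPE)
        _add(t, "docs/notes.txt", b"hello\n")
    return buf.getvalue()

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        report = audit_archive(build_malicious_tar(), d)
        try:
            safe_extractall(build_malicious_tar(), d)
            blocked = False
        except UnsafeMemberError:
            blocked = True
        extracted = safe_extractall(build_benign_tar(), d)
        content = (Path(d) / "docs" / "notes.txt").read_text()
    return {"report": report, "blocked": blocked, "extracted": extracted, "content": content}
```

`demo()` shows the two behaviours a reviewer wants to see: every member of the malicious sample except `README.txt` is rejected with a reason, the whole archive is refused before a single byte is written, and the benign sample extracts normally. Validating all members before extracting any matters because a symlink member extracted early can redirect a later member's path; `_within` resolves through existing symlinks, and the PEP 706 filter, when present, repeats the containment checks inside `tarfile` at write time.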
The agent may believe it created a compressed backup or used documented tar flags when the included implementation does not support those behaviors.
The documentation advertises tar-style flags and compression creation, but the included script only defines a positional archive path, optional files, and an `-x/--extract` flag, and opens new archives with mode `w` rather than compressed modes.
From SKILL.md: "Supports gzip, bzip2, and xz compression ... `-czf archive.tar.gz files`: Create gzip compressed"
Verify the actual command behavior before relying on this skill for backups or distribution, and update the documentation or implementation so they match.
