Tree Tool
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running it on a home directory, project root, or other sensitive folder may reveal the names of private files or directories, though the script does not read file contents.
The tool accepts an arbitrary local path and recursively prints directory entry names. This is the stated purpose, but broad paths can expose private filenames or folder names if the output is shared.
parser.add_argument('path', nargs='?', default='.') ... items = sorted(os.listdir(p)) ... print(prefix + ('└── ' if is_last else '├── ') + item)Run it only on intended folders, use a limited depth, and review the output before sharing it with others.
Commands copied from the documentation may fail or behave differently than expected, including showing hidden filenames by default rather than only with a hidden-file option.
This code defines -d as a depth argument, while SKILL.md documents -d as directories-only and lists other options such as -L, -a, -h, and -I that the script does not implement. Users may over-trust documented scope or filtering controls that are not actually present.
parser.add_argument('-d', '--depth', type=int, default=3)Verify the actual supported arguments before relying on the documented options, and do not assume exclusion or hidden-file controls are available unless implemented.