Umask Tool
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is very small, but its included script silently sets the file-creation mask to the most permissive value instead of only showing or safely applying a user-selected mask.
Review carefully before installing or invoking. A safe umask display tool should restore the original mask after reading it, and a setter should require an explicit user-provided mask and explain the scope of the change.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this code is used by the agent in a persistent process, later files may be created with overly permissive default permissions.
Calling os.umask(0) does not merely read the current mask; it changes the process umask to 000 and returns the previous value. The script does not restore the old mask or honor a user-supplied mask.
print(oct(os.umask(0)))
Do not rely on this skill as-is. The script should restore the previous mask when displaying it, parse and validate user-supplied masks, and clearly document whether changes affect only a subprocess or the user's shell/session.
A user or agent may believe they are only checking the current setting while actually invoking code with a permission-changing side effect.
The documentation presents the no-argument command as a read-only display operation, but the included implementation changes the umask to 000 before printing the previous value.
# Show current mask umask-tool
Update the documentation and implementation so the display path is genuinely read-only or explicitly restores any temporary change immediately.