Unzip Tool
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Extracting an untrusted or unexpected archive could overwrite files in the target directory or place many files there.
The script extracts all ZIP members to the chosen directory. This is expected for the skill's purpose, but it writes local files and does not prompt before overwriting existing paths.
with zipfile.ZipFile(args.file, 'r') as z:
z.extractall(args.dir)Extract only archives you trust, use a new empty destination directory, and consider adding non-overwrite, list, and validation behavior before extraction.
A user or agent may expect safety or inspection options that are not actually available in the provided implementation.
The documentation advertises controls such as selective extraction, archive inspection, and overwrite handling, while the included script only parses an archive path and destination directory and then extracts everything.
support for selective extraction, overwrite control, and archive inspection
Align the documentation with the script or implement the advertised -l, -n, -o, test, and selective extraction behavior.