Which Tool
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: which-tool Version: 1.0.0 The skill is a simple utility to locate executable paths using Python's 'shutil.which' in 'scripts/which.py'. While the 'SKILL.md' documentation describes several advanced features (such as JSON output, symlink resolution, and multiple command support) that are not actually implemented in the provided code, the script itself is safe and lacks any indicators of malicious intent, data exfiltration, or security vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent may try documented flags such as --json or -a and get failures or incorrect automation assumptions.
The documentation advertises options and multi-command behavior, while the included scripts/which.py only parses one positional argument and calls shutil.which(args.cmd). This is a low-impact reliability/documentation mismatch rather than evidence of malicious behavior.
Options: -a, --all Show all matching paths, not just the first -s, --silent Exit silently ... --json Output as JSON array
Treat this as a simple single-command path lookup unless the implementation is updated to match the documented options.