Xargs Tool
ReviewAudited by ClawScan on May 14, 2026.
Overview
This skill is an xargs-like command runner, but it gives the agent broad local command execution and advertises safety options that the included script does not implement.
Install only if you intentionally want the agent to run local batch commands. Treat it like a powerful command-execution tool: review commands before running them, avoid destructive operations unless you explicitly approve them, and do not rely on the documented dry-run or interactive options unless the implementation is fixed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked carelessly, the agent could use this as a generic local command runner that modifies or deletes files.
The script runs whatever command arguments it is given for each input line, without built-in validation, confirmation, scoping, or safe-mode enforcement.
cmd = sys.argv[1:]
for line in lines:
subprocess.run([c.replace('{}', line) for c in cmd])Require explicit user confirmation for destructive commands, implement real dry-run and interactive modes, and consider restricting allowed commands or target paths.
A user or agent may rely on advertised preview or confirmation behavior that is not actually present in the reviewed implementation.
The documentation presents safety controls, but the included script does not implement option parsing for these controls, which can create a false sense of safety.
-p, --interactive Prompt before each execution --dry-run Print what would be done without executing
Either implement the advertised options correctly or remove them from the documentation and warn users that commands execute directly.
The command may fail or could resolve to an unreviewed local executable depending on the user's environment.
The skill tells users to invoke xargs-tool and includes scripts/xargs.py, but the artifacts do not show how that command is installed or bound to the reviewed script.
No install spec — this is an instruction-only skill.
Provide a clear install spec or declare the required binary, and ensure the invoked command maps to the reviewed implementation.