FastCP
v1.0.1Multi-target parallel file copy CLI. Reads source once into memory, writes to multiple USB drives concurrently. | 多目标并行复制工具,源文件只读一次,同时写入多个U盘。
⭐ 0· 82·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name, description, and usage all describe a CLI that reads a source and writes to multiple targets; the SKILL.md only documents invoking that CLI and an install suggestion (go install), so the requested capabilities are proportional to the stated purpose.
Instruction Scope
Runtime instructions are limited to running the fastcp tool, identifying mounted drives, and using flags like --verify/--dry-run; the document does not instruct the agent to read unrelated files, environment variables, or exfiltrate data.
Install Mechanism
No platform install spec is provided by the registry (skill is instruction-only). SKILL.md suggests `go install github.com/dongsheng123132/fastcp@latest` which is a normal Go install from a GitHub repo — expected for a CLI written in Go but carries the usual caveat of building third-party code locally (moderate risk if the repository is untrusted).
Credentials
The skill declares no required environment variables, credentials, or config paths; that matches the stated purpose and the SKILL.md (no secret access requested).
Persistence & Privilege
Flags show the skill is user-invocable and not always-enabled; it does not request persistent system-wide privileges or modify other skills' configurations in the instructions.
Assessment
This SKILL.md is coherent and simply documents a CLI tool. However, the skill points to a third-party GitHub repo for installation — you should review the repository or releases before running `go install` or installing any binary. Consider: 1) inspect the source code or release tarball and check commit history/maintainer reputation; 2) prefer pinned versions/tags rather than @latest and verify checksums; 3) run initial tests on non-sensitive, small files and avoid running as root; 4) be cautious with the --preload-all flag (may consume a lot of memory) and with write access to removable drives (ensure you intend the writes). Because there is no bundled code in the skill package, the registry review cannot vouch for the tool's implementation — that review is up to you. If you cannot audit the repo, treat the install as higher risk.Like a lobster shell, security has layers — review code before you run it.
latestvk97dht2y6ht4vq0t49x2d9z0p983ty93
License
MIT-0
Free to use, modify, and redistribute. No attribution required.