Workspace Files
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a clearly scoped workspace file helper with no evidence of hidden network, credential, or out-of-sandbox behavior.
This appears safe for normal workspace file tasks. Before installing, confirm that /home/cmart/.openclaw/workspace is the correct sandbox path for your environment and be aware that the write command can overwrite files inside that workspace.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses the write command, it can change or overwrite files in the workspace sandbox.
The helper can create or overwrite files, but its write target is resolved under the declared sandbox root before writing.
SANDBOX_ROOT="/home/cmart/.openclaw/workspace" ... printf '%s' "$content" > "$path"
Use this skill for intended workspace files only, and review paths before asking the agent to write or replace important files.
The packaged metadata is slightly inconsistent, so users may want to confirm they are reviewing the intended version.
The embedded metadata version differs from the registry metadata version 1.0.1, which is a provenance consistency issue but not evidence of unsafe behavior.
"version": "1.0.0"
Prefer packages whose registry and embedded metadata match, but this mismatch alone does not indicate malicious behavior.