Workspace Indexer
Security checks across malware telemetry and agentic risk
Overview
The skill’s behavior matches its workspace-indexing purpose, but it can inspect local workspace details, use memory context, and optionally run as a daily maintenance task.
This looks safe to install if you want a local workspace index. Be aware that WORKSPACE_INDEX.md may record directory names, project status, running ports or containers, and memory references; review it before sharing and only enable daily HEARTBEAT updates intentionally.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The generated index may reveal local paths, project names, running ports, container IDs, or service status. The artifacts do not show destructive commands or unrelated execution.
The skill directs the agent to use execution tooling to enumerate workspace structure and inspect service/container status.
使用 `exec` 工具扫描 workspace 目录结构。 ... 检查是否有运行中的服务或容器
Use it only for workspaces you want indexed, and review WORKSPACE_INDEX.md before sharing it or enabling recurring runs.
Relevant memory references or summaries may be written into a persistent local index, which could expose private context if the workspace or index file is shared.
The skill intentionally pulls from persistent memory to annotate the workspace index.
首先使用 `memory_search` 搜索每个目录的相关记忆,了解目录用途和历史。
Review memory-derived entries and avoid enabling this on workspaces where memories contain sensitive or untrusted content.
If configured, the agent may update the workspace index on a schedule rather than only when manually invoked.
The skill recommends a recurring maintenance entry; this is disclosed and user-configured rather than hidden background behavior.
定期维护(建议在 HEARTBEAT.md 中配置每天检查一次)
Only add the HEARTBEAT entry if you want recurring indexing and can tolerate local workspace changes being summarized automatically.