Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
desktop-organizer
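v1.0.0
Desktop file organization skill. Use this skill when the user asks to organize, clean up, or sort files on their computer desktop. It provides a standardized, safe operating procedure and moves files into the corresponding folders according to predefined classification rules. Cross-platform support (macOS, Linux, Windows).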
by @hujxhed
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description describe desktop file organizing and the SKILL.md only references desktop paths, backups, listing and move/copy operations — required capabilities align with the stated purpose and there are no unrelated environment variables or external services requested.
Instruction Scope
The instructions tell the agent to automatically scan, back up and then move files without requiring user confirmation ('This step is for display only; do not wait for user confirmation, directly continue with the subsequent steps'). Backup is required, but the spec does not require an explicit check of backup integrity (only prints path), has no dry-run option, and contains hard-coded example move commands that could be misapplied. These factors increase the risk of unexpected or irreversible file moves.
Install Mechanism
Instruction-only skill with no install spec or third-party downloads; nothing written to disk by an installer. This minimizes install-time risk.
Credentials
No environment variables, credentials, or config paths requested. The skill only uses standard shell/PowerShell environment variables (HOME, USERPROFILE) appropriate to the task.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously by the agent (platform default). Autonomous invocation combined with automatic destructive behavior in the instructions increases blast radius — the default autonomy is not by itself a problem but is relevant given the instruction-scope concerns.
What to consider before installing
This skill appears to do what it says (backup + move desktop files), but it will automatically perform destructive file operations without strong safeguards. Before enabling or running it: (1) Review and edit SKILL.md to require explicit user confirmation before moving files (remove the 'directly continue' clause); (2) Test on a disposable folder (not your real Desktop) to verify behavior; (3) Ensure backups are created in a safe location (not inside the Desktop) and manually verify the backup contents before allowing moves; (4) Consider changing conflict handling from 'skip' to a safer policy you understand; (5) If you want to minimize risk, keep the skill user-invocable only (don't allow autonomous runs) or run the steps manually/with a dry-run first. If you are uncomfortable with automatic filesystem changes from an unknown source, do not enable the skill.
Like a lobster shell, security has layers — review code before you run it.
