Folders
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: folders Version: 1.0.0 This skill bundle is classified as benign. The `SKILL.md` instructions explicitly guide the AI agent to perform folder operations with strong security checks, including canonicalizing paths, rejecting operations on critical system directories (e.g., `/etc`, `C:\Windows`), and using the OS trash for deletions instead of permanent removal. There is no evidence of prompt injection with malicious intent, data exfiltration, unauthorized execution, or persistence mechanisms. The instructions prioritize user consent and safe file system interactions, aligning perfectly with the stated purpose of indexing and managing user-level folders.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may remember where your important folders are across later uses of the skill.
The skill creates persistent local memory of folder paths and notes. This is purpose-aligned, but folder names and project locations may be sensitive.
Maintain a lightweight index at `~/.config/folder-index.json` to know where important things are without rescanning.
Install only if you are comfortable with a local folder index, and periodically review or delete ~/.config/folder-index.json if it contains sensitive paths.
If asked to clean folders, the agent could move build or dependency directories to trash, which may affect local development until rebuilt.
The skill includes local cleanup guidance that can remove folders, though it mitigates impact by using the OS trash and focusing on common rebuildable artifacts.
Use OS trash instead of permanent delete ... Build artifacts safe to delete: node_modules, __pycache__, .gradle, build/, target/, Pods/, .next/
Confirm cleanup actions before they run, especially in work projects or on network drives.