Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Folder Inspector

v1.0.0

This skill is used to scan a local directory.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The stated purpose is 'scan a local directory', which matches the code's intent. However, index.js hardcodes an absolute Python script path (/home/jiajiexu/.../scripts/file_scanner.py) and a fixed python binary (/usr/bin/python3) rather than calling the bundled script relative to the skill. The registry metadata declared no required binaries, yet the code assumes python3 exists at a specific location. The hardcoded path referencing another user's home and a global node_modules layout is incoherent with a portable skill package.
! Instruction Scope
SKILL.md simply instructs the agent to call the tool for directory queries, which matches the behavior. But the implementation writes debug output to /tmp/openclaw_python_debug.log and logs the supplied path, which SKILL.md does not mention. The script also returns only file names and sizes (no 'type' field, which index.js expects when building the table), which could lead to runtime errors or truncated output.
Install Mechanism
No install spec (instruction-only) — low install risk. However, the skill implicitly requires a Python interpreter at /usr/bin/python3 and expects the script to exist at an absolute, external path rather than the included scripts/ file. This mismatch is an implementation bug and increases operational fragility.
! Credentials
The skill requests no credentials or env vars, which is appropriate. But the hardcoded script path points to /home/jiajiexu/... which is unrelated to the declared package; this either indicates the package was packaged incorrectly or intentionally references a user-specific location. The Python script also writes a debug log to /tmp, which records invoked paths and could leak sensitive filesystem locations to anyone who can read /tmp.
Persistence & Privilege
The skill does not request persistent 'always' presence, does not modify other skills or system-wide config, and does not require elevated privileges. The only side-effect is writing an append-only debug log under /tmp, which is low-privilege but notable.
What to consider before installing
This skill's purpose (listing files and sizes) lines up with its code, but there are red flags you should address before using it:

  • index.js uses a hardcoded python path and an absolute script location in /home/jiajiexu/... instead of the bundled scripts/file_scanner.py. That will likely break or point to an unexpected file. Require the author to change scriptPath to use a path relative to the skill (e.g., __dirname + '/scripts/file_scanner.py') and avoid hardcoding /usr/bin/python3 (or at least fall back to 'python3' on PATH).
  • The Python script logs every invocation and the provided path to /tmp/openclaw_python_debug.log. This file can leak filesystem paths or be read by others on a multi-user system. If you care about privacy, ask to remove or disable logging or write to a controlled location.
  • index.js builds a table expecting a 'type' field that the Python script does not return; this mismatch may cause incorrect output. Ask the author to align returned JSON with the consumer code.
  • Because the package source is 'unknown' and the code references another user's home path, treat this as untrusted until corrected. Prefer running it in a sandbox or requesting a corrected release that uses relative paths and documents its logging behavior.

If you don't trust the author or cannot get a corrected package, do not install it system-wide. If you proceed, inspect and modify index.js to use the included scripts/ path and remove or secure the debug logging.

Like a lobster shell, security has layers — review code before you run it.

latest: vk977b4vyzr90cf2nwcp9ff595x825gcx
375 downloads
0 stars
1 version
Updated 6h ago
v1.0.0
MIT-0

Folder Inspector Skill

Use this when the user asks "what is in a certain folder" or "look at the file sizes in this directory". The input parameter is the absolute path of the folder.

Parameters

  • path: the absolute path of the target folder.

Usage scenarios

  • When the user asks "what is in the directory" or "check the folder size", this tool must be called.
  • If the user provides a relative path, try to convert it to an absolute path using the context.

Usage examples

  • "Help me check which large files are in the /home/jiajiexu directory?"
  • "Look up the contents of the /tmp folder."
