Folder Inspector
Warn. Audited by ClawScan on May 18, 2026.
Overview
This folder-scanning skill mostly matches its stated purpose, but it passes the user-provided folder path into a shell command in an unsafe way that could let a crafted path run unintended commands.
Review this skill before installing. It can inspect local folders you ask about, but it should be fixed to avoid shell command injection and to use the bundled helper script path. Do not pass folder paths copied from untrusted sources unless the command-execution issue is corrected.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental folder path could cause arbitrary commands to run with the local permissions of the agent process.
The user-supplied path is interpolated directly into a shell command string. Wrapping the value in double quotes does not make this safe: `$(...)` and backtick command substitution are still expanded inside double quotes, and an embedded `"` terminates the quoted string so that anything after it is parsed as further shell syntax.
const stdout = execSync(`${pythonPath} ${scriptPath} "${args.path}"`);
Replace execSync with execFile/execFileSync or spawn using an argument array (and never set the `shell: true` option), validate and canonicalize the path before use, and avoid invoking a shell for user-controlled input.
On another machine the skill may fail, or it may execute a file at that absolute path that is outside the reviewed package contents.
The skill includes scripts/file_scanner.py, but the runtime uses a hard-coded absolute path tied to one developer's local installation (the path embeds a home directory and a specific nvm Node version) instead of the packaged file location.
const scriptPath = '/home/jiajiexu/.nvm/versions/node/v22.20.0/lib/node_modules/@qingchencloud/openclaw-zh/skills/folder_inspector/scripts/file_scanner.py';
Resolve the helper script relative to the skill directory, for example with __dirname, and ensure the packaged script is the one executed.
Local logs may retain sensitive directory names or reveal which folders were inspected. Because the log lives at a fixed, predictable path in the shared /tmp directory and is opened with default permissions, other local users can typically read it.
The helper writes each requested directory path to a persistent local debug log, which is not disclosed in SKILL.md.
with open("/tmp/openclaw_python_debug.log", "a") as f: ... debug_log(f"Script was called! Argument path: {target_path}")
Remove debug logging, make it opt-in, or store logs with clear disclosure and restrictive permissions.
