Simple File Tree

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill lists a local directory tree, consistent with its stated purpose, and shows no evidence of installation, credentials, network transfer, persistence, or destructive behavior.

This appears safe for its stated purpose. Before installing or using it, remember that it prints directory and filename information into the conversation, so avoid running it on folders whose names or structure are confidential.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on a private folder, the resulting output may reveal sensitive project names, personal filenames, or directory structure to the agent conversation.

Why it was flagged

The skill exposes a local shell-based find command to enumerate a directory tree. This is purpose-aligned and read-only in the provided instructions, but users should choose paths intentionally because filenames and folder names may be sensitive.

Skill content

allowed-tools: Bash(find:*)
...
find <DIR_PATH> -maxdepth 3 | sort | sed 's|[^/]*/|  |g'

Recommendation

Use it only on directories whose file and folder names you are comfortable displaying, and specify a reasonable depth for large folders.

What this means

On an unusual system without grep, the helper script could fail even though the declared requirements appear satisfied.

Why it was flagged

The script uses grep, while the declared requirements list find, sort, and sed. This is a minor dependency declaration gap rather than suspicious behavior.

Skill content

if ! echo "$DEPTH" | grep -qE '^[0-9]+$'; then

Recommendation

The publisher should add grep to the required binaries, or avoid using it in the script.