v1.0.0

base64-toolkit

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:21 AM.

Analysis

This appears to be a straightforward base64 utility; the only notable capability is optional user-directed file reading and writing for file encoding/decoding.

Guidance: This skill is reasonable for base64 transformations. Before installing or using it, be aware that its file helpers can read and write local files when called, so only allow file operations on paths you intend to process.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
index.js
function encodeFile(filePath) { ... fs.readFileSync(filePath); ... } ... function decodeToFile(input, filePath) { ... fs.writeFileSync(filePath, buffer); }

The skill exposes helpers that read an arbitrary caller-supplied file path and write decoded bytes to a caller-supplied output path. This is consistent with the advertised 'File encoding/decoding' feature, and the artifacts do not show automatic use.

User impact: If used with the wrong path, an agent could encode sensitive local file contents or overwrite/create a local file.
Recommendation: Use the file helpers only with explicit user-approved paths, and avoid pointing them at sensitive files or important destinations unless that is intended.