ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

File Reader

v1.0.0

文件读取技能。当用户需要读取文件内容、查看文件、cat 文件时激活。支持读取文本文件、配置文件、代码文件等。

0· 1.4k·18 current·19 all-time
by@jwu26

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jwu26/file-reader.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "File Reader" (jwu26/file-reader) from ClawHub.
Skill page: https://clawhub.ai/jwu26/file-reader
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install file-reader

ClawHub CLI

Package manager switcher

npx clawhub@latest install file-reader
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to be a simple file-reader and includes a tiny shell script (read.sh) that cats an arbitrary file—this is coherent with the description. However, SKILL.md instructs calling the script with 'python read.sh', yet no Python-specific code exists and no required binaries are declared. The script actually requires a POSIX shell and the 'cat' utility; the declared requirements omit these and the invocation command is incorrect.
!
Instruction Scope
The SKILL.md instructs running a command that doesn't match the included script (uses 'python' on a bash script). Aside from that mismatch, the instructions only direct reading the file path provided by the user; there are no hidden endpoints, extra env vars, or references to unrelated files. The mismatch could cause failures or unexpected behavior if an agent follows the instructions literally.
Install Mechanism
No install spec (instruction-only) and only three small files are included. Nothing is downloaded or extracted during install, which is low-risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a file-reading helper.
Persistence & Privilege
The skill is not forced always-on and uses normal agent-invocation defaults. It does not modify other skills or request elevated/persistent privileges.
What to consider before installing
This skill appears to be a minimal file-reader, but the SKILL.md contains a clear mistake: it says to run the bundled read.sh with 'python', while read.sh is a bash script that runs 'cat'. Before installing or enabling it, ask the author to fix the invocation (e.g., 'bash read.sh' or './read.sh') or update the script to be Python. Also note that the script will read any file path given to it, so avoid using it to read sensitive system files or secrets. If you plan to allow autonomous invocation, be extra cautious because the agent could read files without interactive confirmation; test the skill in a safe sandbox first and verify the corrected instructions and script behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cbwzg3x3qqvh3487qv0nv2s82hytd
1.4kdownloads
0stars
1versions
Updated 14h ago
v1.0.0
MIT-0
@jwu26
latest
Download

file-reader

概述

文件读取技能。当用户需要读取文件内容、查看文件、cat 文件时激活。支持读取文本文件、配置文件、代码文件等。

基本使用方法

python  read.sh "<file>"

命令行参数

参数说明
<file>要读的文本(必填)

Comments

Loading comments...