Skill v1.0.0
ClawScan security
File Browser Operator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 13, 2026, 5:08 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated FileBrowser purpose, but there are mismatches and privacy risks (reading local config/.env, using credentials not declared in metadata, and offering to return file contents or create public share links) that deserve review before installation.
- Guidance: Before installing or enabling this skill:
  1. Confirm where credentials will come from: insist the author list required env vars (FB_BASE_URL/FB_USER/FB_PASSWORD) or config path in the manifest so you know what secrets the skill may read.
  2. Ensure kam-filebrowser-operator/config.json or .env does not contain other unrelated secrets; prefer a dedicated config with least-privilege credentials or a short-lived service account with access limited to the intended scope.
  3. Verify the configured scope value is correct and restrictive (so the skill cannot access files outside the intended directory).
  4. Require explicit user confirmation before any download, deletion, user-management, or share-link creation actions; treat share links as public and audit their creation.
  5. If you accept the skill, run it first against a non-sensitive test scope to confirm behavior.
  6. Ask the author to update the registry metadata to declare required env vars/primary credential and to document any places the agent will read workspace files; this reduces surprises.
Review Dimensions
- Purpose & Capability (note): Name and description align with the instructions: the skill is designed to call FileBrowser REST APIs for listing, upload/download, sharing, and user management. Nothing in the manifest demands unrelated cloud or system credentials. Minor inconsistency: the registry metadata declares no required env vars or primary credential, yet SKILL.md expects to obtain baseUrl/username/password from a local config, .env, or environment variables (FB_BASE_URL/FB_USER/FB_PASSWORD). This is plausible but should be declared explicitly by the author.
- Instruction Scope (concern): SKILL.md instructs the agent to read kam-filebrowser-operator/config.json (if present), project .env, or environment variables and then perform listing, download/upload, delete, share-link generation, and admin user operations. Reading .env or local config files can expose unrelated secrets in the workspace. The skill also supports returning raw file contents in-chat or generating public share links; this is legitimate for the purpose but high-impact for data exfiltration if misused or if the agent has unintended access. The document forbids uploading credential files, but this relies on correct agent behavior and user caution.
- Install Mechanism (ok): Instruction-only skill with no install spec and no bundled code, so the lowest install risk. There is nothing downloaded or written by an installer step in the manifest.
- Credentials (concern): The skill does not declare required environment variables in the registry metadata, but the runtime instructions explicitly reference config.json and environment variables (FB_BASE_URL/FB_USER/FB_PASSWORD) as credential sources and discuss admin tokens for user management. Not declaring these in metadata is an inconsistency that deprives users of a clear upfront view of what secrets the skill will access. The number and sensitivity of required credentials (login/password, possible admin token) are reasonable for FileBrowser integration, but they must be explicitly declared and limited.
- Persistence & Privilege (ok): The skill does not request always:true and does not include install-time hooks. It does require access to local workspace files (config.json, .env) when present; that is expected for this type of integration but increases the risk if those files contain unrelated secrets. The skill does not request modifying other skills or global agent settings.
