Clawdbot Filesystem 1.0.2

Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a filesystem utility skill with purpose-aligned file listing, searching, and copying features, but the declared executable/source is missing from the reviewed artifacts, so users should obtain and verify it before relying on the skill.

This appears to be a benign filesystem helper, but it can read and copy local files. Keep operations scoped to intended folders, use dry-run before copying, and verify the upstream executable because the reviewed artifacts do not include the declared filesystem binary.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may be able to read file contents and copy files in user-selected directories.

Why it was flagged

The skill declares read-write filesystem authority, which is expected for listing, searching, and copying files, but it can affect local user data if invoked on broad paths.

Skill content

"permissions": { "filesystem": "read-write", "network": "none", "system": "none" }

Recommendation

Use explicit, narrow paths; prefer dry-run for copy operations; avoid pointing it at sensitive directories unless needed.

What this means

The skill may not work as packaged, or users may need to obtain executable code from the upstream repository that was not included in this review.

Why it was flagged

The package declares a runnable filesystem binary, but the supplied file manifest does not include a matching filesystem file, so the executable behavior and claimed safety controls were not reviewable in the provided artifacts.

Skill content

"bin": { "filesystem": "./filesystem" }

Recommendation

Before installing globally or running it, inspect the upstream repository and verify the actual filesystem executable matches the documented behavior.

What this means

Users may have less certainty about exactly which release or source they are installing.

Why it was flagged

The registry source is unknown and the registry/package versions differ, which is a provenance and packaging consistency issue rather than evidence of malicious behavior.

Skill content

Source: unknown; Registry metadata Version: 1.0.0; package.json Version: 1.0.2

Recommendation

Confirm the package version and repository origin before trusting the skill in sensitive directories.