v1.0.0

Clawdbot Filesystem 1.0.2

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:20 AM.

Analysis

Review before installing: the skill advertises broad filesystem read/write commands, but the actual executable those commands rely on is missing from the provided package.

Guidance: Before installing, verify that the actual filesystem executable is present and comes from a trusted source matching these artifacts. If you proceed, restrict operations to specific project directories, use dry-run for batch copy actions, and avoid searching or copying sensitive folders.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium, Confidence: High, Status: Concern
file manifest
7 file(s): LICENSE.md, README.md, SKILL.md, config.json, package-lock.json, package.json, pnpm-lock.yaml

The reviewed files do not include the 'filesystem' executable, while package.json declares it as the CLI bin and the documentation tells users to run or chmod it. The operational code for the read/write filesystem tool is therefore not in the provided artifacts.

User impact: A user may install a skill that points to filesystem-operating code that was not included in the reviewed package, or may fetch/run different code from the external repository.
Recommendation: Only install after obtaining and reviewing the actual filesystem executable from a trusted source; avoid global install or chmod/run steps until the packaged runtime file matches the reviewed artifacts.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Note
package.json
"permissions": { "filesystem": "read-write", "network": "none", "system": "none" }

The skill explicitly requests read/write filesystem capability. That is aligned with its filesystem-management purpose, but it is high-impact authority if used on broad or sensitive directories.

User impact: The agent could list, search, or copy local files within the paths it is allowed to access, which may affect private or important data.
Recommendation: Use narrow paths, prefer dry-run for copy operations, avoid sensitive directories, and require user confirmation before overwrites or bulk operations.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
SKILL.md
- **Content Search** - Full-text search within files
- **Context Display** - Show matching lines with context

The skill can retrieve local file contents into the agent's working context. This is purpose-aligned for a search tool, but it may surface sensitive text.

User impact: Search results may reveal secrets, personal information, logs, or other private file contents to the agent session.
Recommendation: Limit searches to intended project folders and use include/exclude patterns to keep secrets, credentials, and private documents out of results.