Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lexi

v1.1.0

Filesystem librarian for OpenClaw environments. Systematically scans, catalogs, and organizes the entire file structure — identifying orphaned files, misplac...

by M. Christopher Roebuck (@mcroebuck)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (filesystem librarian) matches the runtime instructions and the scanning framework. All declared behaviors (inventory, classification, deduplication, archive) are coherent with an on-disk audit tool. There are no unexpected required binaries, env vars, or external services declared.
Instruction Scope
Instructions legitimately require reading directory trees, scripts (.sh/.py/.js/.ts), Markdown files, OpenClaw agent configs, pm2 configs and crontab output to build a dependency graph. The skill explicitly excludes sensitive directories (e.g., ~/.ssh, ~/.gnupg, ~/.secrets, .env, credentials.json) and states exclusions are invisible to scans. However, reference scanning reads file contents (to find hardcoded paths and references), and crontab/PM2/agent configs can contain sensitive command lines or tokens; the SKILL.md does not mandate redaction of collected data and it creates a raw inventory file for internal use. This is expected for a filesystem auditor but is a privacy-sensitive action — users should confirm exclusions and review outputs before any modification phases.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest risk for supply-chain or disk-install attack. Nothing is downloaded or written by an installer.
Credentials
The skill requests no environment variables, no credentials, and no special config paths beyond writing/reading user-owned files (USER.md, CATALOG.md, ~/.lexi-archive). The set of file reads and writes aligns with the stated purpose; no unrelated secrets or cloud credentials are requested. Note: the skill will read many files that can contain secrets embedded inline (scripts, configs, crontab), so lack of explicit credential requirements does not mean it cannot observe sensitive data present in those files.
Persistence & Privilege
always is false and model invocation is allowed (normal). The skill will persist audit artifacts in the user's home (USER.md, CATALOG.md, ~/.lexi-archive/) and will update USER.md to save scope/exclusions — behavior described in SKILL.md and scanning-framework.md. This is consistent with its function, but because it can be invoked autonomously by the agent (platform default), users should be aware that an agent with this skill can repeatedly scan and write those artifacts unless they limit invocation or confirm every modification batch (the skill promises explicit approval before Phase 5 changes).
Assessment
This skill appears to do what it says, but it reads many files (scripts, Markdown, crontab, OpenClaw agent configs) and will write audit artifacts in your home (~/.lexi-archive/, USER.md, CATALOG.md). Before installing or running:
1) Review and tighten the default exclusion list — explicitly exclude anything you consider sensitive beyond the defaults.
2) Run the skill in a read-only discovery mode first and inspect the raw inventory file to verify it does not capture secrets you don't want cataloged.
3) Do not permit blind autonomous runs; require user confirmation for Phase 5 changes (the SKILL.md says it will ask, but enforce it in agent settings if possible).
4) If you need ultimate assurance, run the audit in a sandboxed account or VM so the scan cannot access unrelated data.
If you want, I can highlight exact lines in the SKILL.md that read content or write artifacts so you know what to audit/adjust.


latest: vk97c73mrvk5pve2khfq6gsxca5841h8y
