File Deduplicator
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a disclosed local file-deduplication utility, but it can recursively scan and delete user-selected files, so use dry-run or archive mode first.
Before installing or running this skill, confirm you are comfortable granting it local file access. Start with dry-run mode, scan only specific folders, use archive/move mode for important data, and check the generated log if folder names are sensitive.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Files may be removed from user-selected directories if the removal command is run.
The documented workflow can delete local files. That is expected for a deduplication tool, but it is a high-impact action if used on the wrong directory or with incorrect duplicate detection.
node index.js removeDuplicates '{"directories":["./documents"],"options":{"keep":"newest","action":"delete"}}'Run a dry-run first, prefer archive/move mode for important folders, and keep backups before deleting duplicates.
Running the command gives the skill access to read, hash, log, move, or delete files that the current user account can access.
The skill is operated by executing bundled JavaScript locally. This is central to its purpose, but users should recognize that local code runs with their filesystem permissions.
cd ~/.openclaw/skills/file-deduplicator node index.js findDuplicates
Run it only from a trusted installation, and limit scans to specific folders rather than broad home or system paths.
Local logs may reveal sensitive folder or file names to anyone who can read the skill directory.
The skill persists scan and action messages to a local log file, which can include directory paths and error details.
fs.appendFileSync(logFilePath, message + '\n');
Review or delete the deduplication log after scanning sensitive folders.
It is harder to verify the publisher or source history before running the bundled code.
The skill has limited provenance information and no install contract, while the README documents executing local Node.js code.
Source: unknown; Homepage: none; Install specifications: No install spec
Review the included files before use and install only if you trust the publisher or package source.