Batch Rename
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly does what it says, but its file-renaming safeguards are weaker than advertised, especially around overwrite handling and undo support.
Use this only on backed-up dataset folders. Preview the changes first, avoid --force unless you are certain there are no valuable target files, and do not rely on the advertised undo feature unless the tool is fixed to create a restore backup before renaming.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A naming collision or use of --force could overwrite or remove dataset files or annotations.
The script performs direct filesystem mutations and deletes existing targets when --force is used. It also does not clearly block existing-name collisions before rename, so overwrite behavior may be unsafe or platform-dependent.
if args.force and new_path.exists():
new_path.unlink()
old_path.rename(new_path)Run with --preview first, keep a separate backup, and update the tool to reject existing target paths unless --force is explicitly chosen and a rollback manifest is written.
Users may believe large renames are safely reversible when the provided artifacts do not support reliable undo after a rename.
The documentation advertises undo support, but the provided script's rename flow does not create the .rename_backup.json file that its restore command expects.
- **Undo Support**: Restore original filenames
Either implement backup creation before applying renames or remove/clearly qualify the undo claim.