Muguozi1 Openclaw File Manager 1 0 0

Security checks across malware telemetry and agentic risk

Overview

This is a real file-management skill, but it needs review because it can change or delete local files at scale while its safety documentation is incomplete and sometimes inconsistent.

Install only if you are comfortable with a local tool that can recursively rename, move, copy, overwrite, and delete files. Use scan-only or preview modes first, test on non-critical folders, keep backups, prefer quarantine/move over permanent deletion, verify every source and target path, and avoid cron/watch or no-confirm automation unless you have checked the exact command and recovery plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The document's safety section claims modifying actions default to dry-run and deletions prefer quarantine, but the examples prominently show immediate destructive actions like --action delete and --mirror without any preview or quarantine step. This inconsistency is dangerous because an agent or user may trust the documented safety guarantees while executing commands that can permanently remove files or overwrite directory contents.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation description is broad enough to match many ordinary file-related requests, so an agent may invoke this skill for loosely related tasks without clear user intent for destructive file automation. In a file-management skill, overbroad activation is especially risky because the available actions include rename, move, delete, and bidirectional or mirror sync, all of which can materially change user data.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The '何时使用' ("When to use") section is effectively a placeholder and does not define concrete triggering conditions, leaving activation ambiguous. That ambiguity increases the chance of accidental use of a high-impact file automation skill in contexts where the user did not intend bulk file modification or cleanup.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The document provides automation examples using destructive flags such as --mirror, --move, and --execute without any warning, dry-run guidance, or explanation of data-loss risk. In a file-management skill, users are especially likely to copy these commands directly, which can overwrite, delete, or relocate files at scale if paths or exclusions are wrong.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# File Manager Skill Dependencies

# Progress bar display
tqdm>=4.60.0

# Windows colored output support
colorama>=0.4.4
Confidence
89% confidence
Finding
tqdm>=4.60.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
tqdm>=4.60.0

# Windows colored output support
colorama>=0.4.4
Confidence
84% confidence
Finding
colorama>=0.4.4

Known Vulnerable Dependency: tqdm — 3 advisory(ies): CVE-2024-34062 (tqdm CLI arguments injection attack); CVE-2016-10075 (TDQM Arbitrary Code Execution); CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to e)

High
Category
Supply Chain
Confidence
70% confidence
Finding
tqdm

VirusTotal

63/63 vendors flagged this skill as clean.
