Olares Files (olares-cli files)
Analysis
This looks like a real Olares file-management skill, but it delegates to an unprovided shared instruction file and covers credentialed, destructive, and public-sharing file operations without clear permission and approval boundaries.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
**CRITICAL — before doing anything, MUST use the Read tool to read [`../olares-shared/SKILL.md`](../olares-shared/SKILL.md)**
The skill forces a prerequisite tool read and makes another instruction file authoritative before normal task handling. This may be legitimate shared setup guidance, but users should notice that it expands the instruction source.
list (ls), upload, download, cat, rm, cp, mv, rename (rn), share (internal / public / smb), and Sync-repo CRUD
The skill exposes high-impact remote file and repository operations, including deletion, move, sharing, and repository CRUD. The provided artifacts do not clearly bound approvals, scope, or reversibility for these actions.
metadata:
requires:
bins: ["olares-cli"]
...
MUST use the Read tool to read [`../olares-shared/SKILL.md`](../olares-shared/SKILL.md)
The skill relies on an external CLI binary and a sibling shared instruction file, but the install spec is absent and the manifest contains only SKILL.md. This leaves dependency provenance and referenced instructions unresolved.
recursive directory transfer with errgroup parallelism, batch DELETE wire shape, server-side copy/move ... async task_id queue, cross-volume supported
The skill documents recursive, parallel, batch, async, and cross-volume operations. A bad path or mistaken instruction can propagate across many files, directories, or volumes.
Server-side quirks (critical, do not work around) ... Teach yourself and the user to respect them; **do not** suggest "workarounds"
The skill uses strong authoritative language that may be intended to prevent known backend mistakes. Users should still be aware that it discourages alternative handling for certain errors.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Primary credential: none ... Capability signals: requires-oauth-token; requires-sensitive-credentials
The declared credential contract says no primary credential, but capability signals indicate OAuth tokens and sensitive credentials are required. This under-discloses the account authority needed for remote file and sharing operations.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
share (internal / public / smb) ... folder-share creation across the three flavors (Internal cross-user, Public link with password+expiration, SMB Samba mount)
The skill can expose folders through internal users, public links, and SMB shares. These are purpose-aligned file-sharing features, but the artifacts do not clearly define recipient validation, data-boundary checks, or confirmation requirements.
