Detect File Type - Local

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it claims: locally identify file types without credentials or network behavior, with only normal local-file and package-dependency considerations.

This skill is reasonable to install if you need offline file-type detection. Keep scans limited to intended files or directories, avoid piping unbounded data unless you use the capped stdin mode, and consider a locked Python environment for reproducible dependency versions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If pointed at a broad or sensitive directory, the tool may read and report metadata for many local files.

Why it was flagged

The recursive option expands a user-supplied directory and processes all files under it, which is expected for batch file-type triage but can touch many local files.

Skill content
if recursive and path.is_dir():
    for root, _dirs, files in os.walk(path):

Recommendation

Use explicit file paths or narrowly scoped directories, especially when an agent is choosing the scan target.

Note
High Confidence
ASI08: Cascading Failures

What this means

Very large or unbounded stdin input could consume temporary disk space until the process finishes.

Why it was flagged

Default stdin mode writes incoming stdin to a temporary file until EOF; this is disclosed and cleaned up, but there is no default size cap in spool mode.

Skill content
chunk = sys.stdin.buffer.read(STDIN_SPOOL_CHUNK_BYTES)
if not chunk:
    break
tmp.write(chunk)

Recommendation

For untrusted or potentially large streams, use `--stdin-mode head --stdin-max-bytes N` or bound the input before invoking the tool.

What this means

Installations may resolve to different compatible Magika versions over time.

Why it was flagged

The package depends on an external Python dependency using a version range rather than an exact locked hash; this is normal for a Python package but relevant for supply-chain-sensitive installs.

Skill content
dependencies = [
    "magika>=1.0.0,<2.0.0",
]

Recommendation

Use a locked environment or package hashes if you require reproducible or tightly controlled installations.