Detect File Type - Local
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a broad or sensitive directory, the tool may read and report metadata for many local files.
The recursive option expands a user-supplied directory and processes all files under it, which is expected for batch file-type triage but can touch many local files.
if recursive and path.is_dir():
    for root, _dirs, files in os.walk(path):
Use explicit file paths or narrowly scoped directories, especially when an agent is choosing the scan target.
Very large or unbounded stdin input could consume temporary disk space until the process finishes.
Default stdin mode writes incoming stdin to a temporary file until EOF; this is disclosed and cleaned up, but there is no default size cap in spool mode.
chunk = sys.stdin.buffer.read(STDIN_SPOOL_CHUNK_BYTES)
if not chunk:
    break
tmp.write(chunk)
For untrusted or potentially large streams, use `--stdin-mode head --stdin-max-bytes N` or bound the input before invoking the tool.
Installations may resolve to different compatible Magika versions over time.
The package depends on an external Python dependency using a version range rather than an exact locked hash; this is normal for a Python package but relevant for supply-chain-sensitive installs.
dependencies = [
    "magika>=1.0.0,<2.0.0",
]
Use a locked environment or package hashes if you require reproducible or tightly controlled installations.
