Detect File Type - Local
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: detect-file-type-local
Version: 0.2.0
The skill bundle is designed for local, offline file type detection using Google Magika. Code analysis confirms that it performs read-only operations, uses secure temporary file handling for stdin (`tempfile.mkstemp`), and contains no network calls and no arbitrary code execution. The `SKILL.md` and `README.md` provide clear, non-malicious instructions and explicitly state security properties such as no network access and no file modification. The `SECURITY.md` file further details the threat model and mitigations, acknowledging potential resource exhaustion for unbounded stdin streams but classifying it as an operational control rather than a vulnerability in the tool's design. There is no evidence of intentional harmful behavior or prompt injection attempts.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a broad or sensitive directory, the tool may read and report metadata for many local files.
The recursive option expands a user-supplied directory and processes all files under it, which is expected for batch file-type triage but can touch many local files.
if recursive and path.is_dir():
    for root, _dirs, files in os.walk(path):
Use explicit file paths or narrowly scoped directories, especially when an agent is choosing the scan target.
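The following is an added example, not code from the detect-file-type-local skill, showing how the recursive walk quoted above can be bounded before any file is opened: depth and file-count budgets and a refusal to follow symbolic links, so that an agent-chosen target such as a home directory cannot turn a triage run into a sweep of the whole filesystem. The function `collect_files`, the `ScanLimitExceeded` exception, the limits and the sample tree built by `build_sample_tree` are all assumptions of this example.

```python
# Added example (not the skill's own code): bound a recursive scan target.
import os
import tempfile
from pathlib import Path


class ScanLimitExceeded(Exception):
    """Raised when the walk would exceed the configured file budget."""


def collect_files(target, recursive=False, max_depth=2, max_files=500):
    """Return the regular files a scanner may read under `target`.

    Bounds applied, in contrast to a bare os.walk():
      * the walk is pruned `max_depth` directory levels below `target`;
      * it aborts once more than `max_files` files have been collected;
      * symbolic links to files or directories are never followed.
    """
    target = Path(target)
    if target.is_file():
        return [target]
    if not target.is_dir():
        raise FileNotFoundError(target)

    found = []

    def add(entry):
        # Skip symlinks outright; a link can point anywhere on the host.
        if entry.is_symlink() or not entry.is_file():
            return
        if len(found) >= max_files:
            raise ScanLimitExceeded(f"more than {max_files} files under {target}")
        found.append(entry)

    if not recursive:
        for entry in sorted(target.iterdir()):
            add(entry)
        return found

    # followlinks=False keeps os.walk out of symlinked directories.
    for root, dirs, files in os.walk(target, followlinks=False):
        root_path = Path(root)
        depth = len(root_path.relative_to(target).parts)
        if depth >= max_depth:
            dirs[:] = []      # prune in place: os.walk will not descend further
        else:
            dirs.sort()       # deterministic order for reproducible reports
        for name in sorted(files):
            add(root_path / name)
    return found


def build_sample_tree():
    """Constructed fixture (assumption): a small tree with one over-deep file."""
    base = Path(tempfile.mkdtemp(prefix="scan-demo-"))
    (base / "a.txt").write_bytes(b"plain text\n")                       # depth 0
    (base / "sub").mkdir()
    (base / "sub" / "b.bin").write_bytes(bytes(range(16)))               # depth 1
    (base / "sub" / "deeper").mkdir()
    (base / "sub" / "deeper" / "c.bin").write_bytes(b"\x7fELF")          # depth 2
    (base / "sub" / "deeper" / "toodeep").mkdir()
    (base / "sub" / "deeper" / "toodeep" / "d.bin").write_bytes(b"MZ")   # depth 3, pruned
    return base


if __name__ == "__main__":
    demo = build_sample_tree()
    for p in collect_files(demo, recursive=True, max_depth=2):
        print(p.relative_to(demo))
```

Raising on the file budget rather than silently stopping is deliberate: when an agent picked the target, a loud failure is the signal that the scope was wrong, whereas a truncated report would look like a complete one.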
Very large or unbounded stdin input could consume temporary disk space until the process finishes.
Default stdin mode writes incoming stdin to a temporary file until EOF; this is disclosed and cleaned up, but there is no default size cap in spool mode.
chunk = sys.stdin.buffer.read(STDIN_SPOOL_CHUNK_BYTES)
if not chunk:
    break
tmp.write(chunk)
For untrusted or potentially large streams, use `--stdin-mode head --stdin-max-bytes N` or bound the input before invoking the tool.
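As an added example, not the skill's own code, the loop below spools a stream into a `tempfile.mkstemp` file with a hard byte cap, which is the bound the page's `--stdin-max-bytes` option is described as providing. The function `spool_stream`, its `mode` values (named after the page's `--stdin-mode` flag but defined here), the `StdinTooLarge` exception and the constructed `io.BytesIO` inputs are assumptions of this example. In `spool` mode an oversize stream is rejected and the partial temp file removed; in `head` mode only the first `max_bytes` are kept and the rest of the stream is left unread.

```python
# Added example (not the skill's own code): size-capped stdin spooling.
import io
import os
import sys
import tempfile

CHUNK_BYTES = 64 * 1024   # assumption: read size per iteration


class StdinTooLarge(Exception):
    """Raised in spool mode when the stream exceeds the byte cap."""


def spool_stream(stream, max_bytes, mode="spool", chunk_bytes=CHUNK_BYTES):
    """Copy `stream` to a private temp file, never writing more than max_bytes.

    Returns (path, bytes_written, truncated). The temp file comes from
    mkstemp() (O_EXCL, mode 0600). If the cap is hit in "spool" mode the file
    is unlinked before StdinTooLarge propagates, so an unbounded stream can
    neither fill the temp volume nor leave a partial file behind.
    """
    if mode not in ("spool", "head"):
        raise ValueError(f"unknown mode {mode!r}")
    fd, path = tempfile.mkstemp(prefix="spool-", suffix=".bin")
    written = 0
    truncated = False
    try:
        with os.fdopen(fd, "wb") as tmp:
            while True:
                budget = max_bytes - written
                if budget == 0:
                    # Cap reached: probe one more byte to learn whether the
                    # input actually continues, without buffering the rest.
                    if stream.read(1):
                        if mode == "spool":
                            raise StdinTooLarge(f"stdin exceeds {max_bytes} bytes")
                        truncated = True
                    break
                # Never request more than the remaining budget.
                chunk = stream.read(min(chunk_bytes, budget))
                if not chunk:
                    break          # EOF within the budget
                tmp.write(chunk)
                written += len(chunk)
    except BaseException:
        os.unlink(path)            # the with-block has already closed the fd
        raise
    return path, written, truncated


def demo_inputs():
    """Constructed sample streams (assumption): one small, one over the cap."""
    small = io.BytesIO(b"\x89PNG\r\n\x1a\n" + b"\x00" * 100)   # 108 bytes
    large = io.BytesIO(b"A" * 5000)
    return small, large


if __name__ == "__main__":
    # Usage: cat somefile | python spool_demo.py ; keeps at most 10 MiB.
    path, n, cut = spool_stream(sys.stdin.buffer, 10 * 1024 * 1024, mode="head")
    print(f"spooled {n} bytes to {path}{' (truncated)' if cut else ''}")
    os.unlink(path)
```

The caller still owns the temp file on success and must unlink it after the detector has read it; the example only guarantees that no file survives a rejected stream.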
Installations may resolve to different compatible Magika versions over time.
The package depends on an external Python dependency using a version range rather than an exact locked hash; this is normal for a Python package but relevant for supply-chain-sensitive installs.
dependencies = [
    "magika>=1.0.0,<2.0.0",
]
Use a locked environment or package hashes if you require reproducible or tightly controlled installations.
