Skill v1.0.0
ClawScan security
Local File Processor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 8, 2026, 12:49 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions expect local binaries and an executable in the agent workspace but the registry metadata lists no required binaries or install steps — this mismatch and the fact it performs destructive filesystem operations warrant caution.
- Guidance: This skill appears to do what it says (batch renames, conversions, metadata edits, duplicate detection) but there are important inconsistencies and risks to consider before installing or running it:
  - Inconsistency: The registry lists no required binaries or install steps, yet the SKILL.md requires exiftool, ImageMagick, ffmpeg and an executable at ~/.openclaw/workspace/skills/local-file-processor/local-file-processor. Confirm where that executable comes from before making anything executable.
  - Verify before running: Do not run chmod or execute any binary placed in the workspace unless you have inspected its source. If the local-file-processor binary is provided separately, review its contents (source or vendor-signed release) first.
  - Test safely: Use --dry-run and operate on a copy/test directory before running destructive actions. Avoid --force or --action delete without backups.
  - Platform note: The install instructions use brew (macOS/Homebrew); if you use Linux/Windows ensure you install equivalent trusted packages (exiftool, imagemagick, ffmpeg) from your distro or official sources.
  - If you need assurance: Ask the publisher for a provenance link (source repo or release URL) or a proper install spec that places the executable from a trusted host. Without that, treat the skill as untrusted code that will operate on your local files.

  If you want, I can: (a) check whether the workspace executable already exists on your system (tell me the path contents), (b) suggest safe test commands to run with --dry-run, or (c) draft questions to ask the skill owner requesting a signed release or source repository.
Review Dimensions
- Purpose & Capability (concern): The skill claims to be an instruction-only local file processor, which matches its commands (rename, convert, organize, duplicates, metadata). However, SKILL.md instructs installing exiftool, ImageMagick, and ffmpeg and to chmod a local executable at ~/.openclaw/workspace/skills/local-file-processor/local-file-processor. The registry metadata lists no required binaries and there is no install spec or bundled binary — that is an inconsistency: the skill will not function as written without external tools and an executable that is not provided.
- Instruction Scope (note): The runtime instructions operate on arbitrary local files (rename, convert, delete, move, edit metadata), which is expected for this purpose but inherently dangerous. Instructions also tell the user/agent to make an executable in the skill workspace, yet no code is bundled; this step is out-of-band and could cause the agent to execute an unknown binary if one is placed there. The SKILL.md includes safety flags (dry-run, --force, confirmations) which help mitigate risk.
- Install Mechanism (concern): No formal install spec exists in the registry, but SKILL.md tells users to run 'brew install exiftool imagemagick ffmpeg' and to chmod a workspace binary. Relying on brew assumes macOS/Homebrew, and the absence of a declared install mechanism or a trusted download URL for the local executable is an installation risk and a coherence problem.
- Credentials (ok): The skill does not request any environment variables, credentials, or config paths. No secret exfiltration indicators are present in the metadata. That said, it legitimately needs access to the filesystem, which is appropriate for its stated purpose.
- Persistence & Privilege (ok): The skill does not request 'always: true' and defaults to normal invocation behavior. It asks (in SKILL.md) to add an executable to the skill's workspace, which is typical for a CLI-based skill, but there is no indication it will modify other skills or global agent settings.
