Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

archive-extractor

v1.1.0

Recursively extract archive files from a file or directory. Supports zip, tar, tar.gz, tar.bz2, tar.xz, tgz, rar, 7z, gz, bz2, xz. Works on Windows, Linux, m...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for qiliangzhao20241028/archive-extractor.

Install the skill "archive-extractor" (qiliangzhao20241028/archive-extractor) from ClawHub.
Skill page: https://clawhub.ai/qiliangzhao20241028/archive-extractor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install archive-extractor

ClawHub CLI

npx clawhub@latest install archive-extractor

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description match the delivered code: the included script implements recursive extraction for the listed formats, including auto-installing 'rarfile' and 'py7zr' when needed. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions tell the agent to run the included Python script on a path/glob and to allow pip installs for optional backends. The script performs filesystem operations (create dirs, extract files, remove extracted dirs on force/failure) which are expected for this purpose. One security note: extraction uses zipfile.extractall and tarfile.extractall (with a best-effort data_filter for Python 3.12+), but there is no explicit path-sanitization to protect against zip-slip/path traversal in archives—so extracting untrusted archives could write files outside the intended output. Recommend running on trusted data or in an isolated environment.
Install Mechanism
No platform install spec is provided; the script auto-installs Python packages via subprocess pip install at runtime when .rar or .7z handling is needed. This is coherent with the stated zero-local-binary goal but does involve network access and will modify the interpreter's site-packages (or the environment running the agent).
Credentials
The skill declares no required environment variables or credentials and the code does not access environment secrets or unrelated config paths.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges or modify other skills/configs. It runs on demand and has no persistent background components.
Assessment
This skill appears to do what it claims, but review the tradeoffs before installing/using: (1) The script will call pip to install rarfile/py7zr on first use — this requires network access and will modify the Python environment; consider running the skill in a virtualenv or container. (2) Extraction writes files to disk and can delete extracted directories when run with --force or on error; avoid running it with root privileges or on system-critical directories. (3) The code lacks explicit path-sanitization for archive entries (zip-slip risk); do not run it on untrusted archives unless you accept that risk or run in an isolated environment. If you want extra assurance, inspect the full script locally and test it on sample archives in a disposable environment before running on important data.
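The path check the assessment says is missing could look like the following. This is an added example, not code from the skill's scripts/extract.py; the names `safe_extract_zip`, `safe_extract_tar` and `UnsafeArchiveError` are hypothetical, and it covers only the stdlib zip and tar backends, not rarfile or py7zr. It rejects the whole archive before writing anything if any entry, or any tar link target, would resolve outside the output directory.

```python
import os
import tarfile
import zipfile


class UnsafeArchiveError(Exception):
    """An archive entry would be written outside the output directory."""


def _check_inside(root, name):
    # Resolve the entry against the output root and require containment.
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, name))
    try:
        inside = os.path.commonpath([root, target]) == root
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside:
        raise UnsafeArchiveError(f"entry escapes output dir: {name!r}")


def safe_extract_zip(path, dest):
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            _check_inside(dest, info.filename)
        zf.extractall(dest)  # reached only if every entry passed


def safe_extract_tar(path, dest):
    with tarfile.open(path) as tf:
        members = tf.getmembers()
        for m in members:
            _check_inside(dest, m.name)
            if m.issym() or m.islnk():
                # Symlink targets are relative to the entry's directory,
                # hard-link targets to the archive root.
                base = os.path.dirname(m.name) if m.issym() else ""
                _check_inside(dest, os.path.join(base, m.linkname))
            elif not (m.isfile() or m.isdir()):
                raise UnsafeArchiveError(f"unsupported entry type: {m.name!r}")
        # Also apply the stdlib 'data' filter where the interpreter has it.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tf.extractall(dest, members=members, **extra)
```

Because validation runs over the full member list first, a rejected archive leaves the output directory untouched, which fits the skill's behaviour of logging a failure and moving on to the next archive.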

Like a lobster shell, security has layers — review code before you run it.

latest: vk9758xf8kppcgjk2ng4a2p69y184wpnw
385 downloads
1 star
3 versions
Updated 15h ago
v1.1.0
MIT-0

Archive Extractor

Extracts archives recursively using scripts/extract.py.

Zero local-software dependency — works on any machine with Python 3.8+.
.rar and .7z formats use pure-Python libraries (rarfile, py7zr) that are auto-installed on first use via pip. No 7-Zip, WinRAR, or unrar binary needed.

How to run

python scripts/extract.py <PATH> [OPTIONS]

Always use the absolute path to the script when calling from a different working directory:

# Windows
python "C:\Users\<user>\.workbuddy\skills\archive-extractor\scripts\extract.py" "<PATH>"

# Linux / macOS
python ~/.workbuddy/skills/archive-extractor/scripts/extract.py "<PATH>"

Options

Flag                 Description
-f / --force         Re-extract even if a .extracted_success marker already exists
-d DIR / --dest DIR  Write all output under a custom root directory

Supported formats

Format                                     Backend
.zip                                       Python stdlib zipfile
.tar .tar.gz .tar.bz2 .tar.xz .tgz .tbz2   Python stdlib tarfile
.gz .bz2 .xz (single-file)                 Python stdlib gzip / bz2 / lzma
.rar                                       rarfile (pure-Python, auto-installed)
.7z                                        py7zr (pure-Python, auto-installed)

Key behaviours

  • Idempotent: skips archives that already have a .extracted_success marker; use -f to override.
  • Recursive: after extracting an archive, immediately scans the output for nested archives (up to 20 levels deep).
  • Auto-deps: rarfile and py7zr are installed automatically via pip on first use — no manual setup needed.
  • Fault-tolerant: corrupted or unsupported archives are logged as [FAIL] and skipped; remaining archives continue.

Examples

# Extract everything in a directory (including sub-archives)
python extract.py "D:\jira\TICKET-123"

# Force clean re-extraction of a single file
python extract.py report.zip -f

# Extract to a separate output folder
python extract.py "D:\jira\TICKET-123" -d "D:\extracted"

# Glob pattern — extract all zips in current directory
python extract.py "*.zip"
