Skill v1.1.0

ClawScan security

archive-extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 15, 2026, 3:12 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary:
The skill's code and runtime instructions match its stated purpose (recursive archive extraction); the only notable behaviors are pip auto-installs for optional backends and normal filesystem writes/deletes during extraction.
Guidance:
This skill appears to do what it claims, but review the tradeoffs before installing/using: (1) The script will call pip to install rarfile/py7zr on first use — this requires network access and will modify the Python environment; consider running the skill in a virtualenv or container. (2) Extraction writes files to disk and can delete extracted directories when run with --force or on error; avoid running it with root privileges or on system-critical directories. (3) The code lacks explicit path-sanitization for archive entries (zip-slip risk); do not run it on untrusted archives unless you accept that risk or run in an isolated environment. If you want extra assurance, inspect the full script locally and test it on sample archives in a disposable environment before running on important data.

Review Dimensions

Purpose & Capability
ok: Name/description match the delivered code: the included script implements recursive extraction for the listed formats, including auto-installing 'rarfile' and 'py7zr' when needed. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
note: Instructions tell the agent to run the included Python script on a path/glob and to allow pip installs for optional backends. The script performs filesystem operations (create dirs, extract files, remove extracted dirs on force/failure) which are expected for this purpose. One security note: extraction uses zipfile.extractall and tarfile.extractall (with a best-effort data_filter for Python 3.12+), but there is no explicit path-sanitization to protect against zip-slip/path traversal in archives, so extracting untrusted archives could write files outside the intended output. Recommend running on trusted data or in an isolated environment.
Install Mechanism
note: No platform install spec is provided; the script auto-installs Python packages via subprocess pip install at runtime when .rar or .7z handling is needed. This is coherent with the stated zero-local-binary goal but does involve network access and will modify the interpreter's site-packages (or the environment running the agent).
Credentials
ok: The skill declares no required environment variables or credentials, and the code does not access environment secrets or unrelated config paths.
Persistence & Privilege
ok: Skill is not always-enabled and does not request elevated platform privileges or modify other skills/configs. It runs on demand and has no persistent background components.