Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

filesystem-1.0.2

v1.0.0

Advanced filesystem operations - listing, searching, batch processing, and directory analysis for Clawdbot

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The stated purpose (advanced filesystem operations) is coherent with the CLI commands shown in SKILL.md. However the package metadata and documentation claim a local CLI named 'filesystem' (and package.json lists a bin) while the distributed file list does not include any executable named 'filesystem'. That mismatch (skill expects a binary but none is present) is unexplained and disproportionate to the skill's claimed capabilities.
Instruction Scope
SKILL.md tells the agent/user to run a local 'filesystem' binary and to clone/install the repository (git clone or clawdhub install). The instructions otherwise limit operations to files and directories and include safety mitigations (protected paths, dry-run). But because the package lacks the executable, following the install instructions would cause the user/agent to fetch external code (git clone) — an action outside the contained package and therefore a potential vector for untrusted code.
Install Mechanism
There is no install spec in the registry package; SKILL.md/README instruct a git clone or clawdhub install. Combined with the missing executable, this implies the only way to obtain the runtime binary is to clone an external repo. That external download is not vetted here and represents the highest-risk install pattern. Also metadata inconsistencies (package.json vs registry version/homepage) increase suspicion about packaging quality and provenance.
Credentials
The skill declares no required environment variables or credentials and requests only 'node' as a binary dependency. The package.json declares filesystem read-write permission (expected for a filesystem tool) and no network permission, which is proportionate — but note that the install instructions force an external git clone (network) if the binary is missing, which contradicts the 'network: none' claim.
Persistence & Privilege
The skill is not always-enabled and uses normal agent invocation semantics. It does not request autonomy or system-wide configuration changes in the provided materials. There is no evidence that it attempts to modify other skills or global settings.
What to consider before installing
Do not install this skill yet. Key problems: (1) the package/registry bundle lacks the actual 'filesystem' executable the SKILL.md expects — installing would require cloning an external repo, which pulls unvetted code; (2) metadata inconsistencies (versions and owner IDs) reduce confidence in provenance. If you still want to use it, first manually inspect the remote repository on GitHub (https://github.com/gtrusler/clawdbot-filesystem): verify the executable script's contents, commit history, and maintainers; confirm the binary matches what package.json advertises; prefer upstream releases/tags and signed releases if available. Never run unknown filesystem tools as root or against sensitive paths; run initial tests in a disposable environment, use dry-run options, and back up important data. If you need a filesystem skill for automation, prefer a package that includes its runtime within the registry bundle or is installed from a well-known, reviewed source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97860cqqb6bjdqhhwkpc7nvex82yn5g

Runtime requirements

📁 Clawdis
Bins: node
