v1.0.0

filesystem-1.0.2

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 7:17 AM.

Analysis

This is a disclosed filesystem utility, but the reviewed package points to a missing executable while asking for broad local file access.

Guidance: Review this skill before installing. The filesystem features are expected for its purpose, but install only from a verified package that includes the missing executable, and run commands with narrow paths and dry-run/confirmation for copy operations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
package.json
"main": "filesystem", "bin": { "filesystem": "./filesystem" }, "files": [ "filesystem", "config.json", "SKILL.md", "README.md", "LICENSE.md" ]

The package declares a runnable filesystem executable, but the supplied file manifest lists only config.json, LICENSE.md, package.json, README.md, SKILL.md, and _meta.json. For a tool that claims read/write filesystem capability, the missing executable means the behavior users would run is not present in the reviewed artifacts.

User impact: A user could be guided to install or run filesystem code that was not included in the reviewed package, so the documented safety behavior cannot be tied to the provided artifacts.
Recommendation: Only install from a verified release that includes the executable source, or remove the CLI/bin declarations and mark the skill clearly as documentation-only.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Registry metadata: Slug: filesystem2, Version: 1.0.0 ... _meta.json: "slug": "clawdbot-filesystem", "version": "1.0.2"

The registry and packaged metadata do not fully line up on slug/version, and the source is listed as unknown. This does not prove malicious behavior, but it weakens provenance clarity.

User impact: It may be harder to confirm that the package, registry entry, and linked repository are the same trusted release.
Recommendation: Verify the publisher, repository, version, and release contents before installing, especially because the skill is intended to operate on local files.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
- **Content Search** - Full-text search within files ... `filesystem copy --pattern "*.log" --to ./backup/ --dry-run`

The skill explicitly supports reading file contents and batch copying files. This is purpose-aligned for a filesystem skill, but it is sensitive local authority that should be scoped and reviewed.

User impact: If used on broad paths, the agent could reveal sensitive file contents in output or copy more files than intended.
Recommendation: Use narrow paths, keep dry-run enabled before copy operations, avoid home/root/system directories unless necessary, and review outputs before sharing them.