Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

File Finder

v1.0.0

A simple, fast and user-friendly alternative to 'find'. Based on sharkdp/fd (42,080+ GitHub stars). file finder, rust, cli, command-line, filesystem, hacktobe...

byBytesAgain2@ckchzh
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill claims to be a 'find' alternative, and the included bash script implements find-like commands (find/ext/large/recent/dup/summary/tree). That capability matches the name and description. Minor mismatch: the registry lists no required binaries, but the script uses system tools (find, stat, and optionally tree) and embeds Python3 snippets, so the declared requirements are incomplete.
Instruction Scope
SKILL.md instructions are minimal and the runtime behavior is entirely in the provided script. The script will traverse directories, read file metadata and (for duplicate detection) read up to 64KB from files to compute MD5 slices. This is expected for a file-finder/dup tool but means it will read file contents you point it at (so avoid scanning sensitive system areas or running as root).
Install Mechanism
No install spec (instruction-only) and no network downloads; the only code is a local bash script. Nothing in the manifest attempts to fetch or execute remote artifacts.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. However, SKILL.md lists runtime: python3 while the top-level metadata declares required binaries: none; in practice, Python3 (and standard Unix tools) are needed for some commands. Also, SKILL.md lists Apache-2.0 but the script header claims the MIT license; this license mismatch should be clarified.
Persistence & Privilege
The skill does not request persistent installation, special privileges, or always-enabled status. It does not modify other skills or system-wide configs according to the provided files.
Assessment
This skill appears to be what it says: a CLI file-search utility implemented as a bash script with embedded Python. Before installing or running it: (1) check the license mismatch (SKILL.md: Apache-2.0 vs script header: MIT) and confirm you are comfortable with the stated copyright/terms; (2) be aware that the script uses system 'find', 'stat', and Python3, and ensure those are present and acceptable; (3) avoid running it against sensitive directories or as root, because it will read file metadata and, in duplicate mode, read portions of files; (4) if you require stricter guarantees, inspect the script yourself (it is short and readable) or run it in a confined environment. Overall, there are no signs of network exfiltration and no unexplained credential requests.

Like a lobster shell, security has layers — review code before you run it.
