Filesystem Access

安全的本地文件读/写/列表能力，默认只在 OpenClaw workspace 目录内工作。

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 822 · 11 current installs · 12 all-time installs

bybukas@huanz

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The name/description promise a safe, workspace-only file read/write/list capability. However, the skill requests no OS-level sandboxing, config paths, or credentials that would technically limit access to a workspace. For an actual workspace-only file-access feature, one would expect either platform-level enforcement details or instructions referencing a specific sandboxed API or path—those are missing.

Instruction Scope

SKILL.md contains policy-style guidance (use relative paths, do not write outside workspace) but no concrete, constrained commands or checks. That makes safe behavior advisory rather than enforced: an agent could ignore the guidance and access arbitrary files unless the runtime enforces limits.

✓

Install Mechanism

No install spec and no code files are present. That minimizes supply-chain/code-execution risk because nothing is downloaded or installed by the skill itself.

✓

Credentials

The skill requests no environment variables, credentials, or config paths. There are no disproportionate secret requests.

ℹ

Persistence & Privilege

The skill is default-autonomous-invocable (platform default). While 'always: true' is not set, the combination of autonomous invocation and non-enforced, advisory constraints increases the risk that the agent could access files outside the workspace without explicit user approval.

What to consider before installing

This skill is essentially a set of rules rather than an enforced sandbox. Before installing, verify how your OpenClaw runtime enforces 'workspace-only' file access (OS chroot/namespace, process-level sandbox, or an API that only exposes workspace paths). Ask the platform owner: does the agent process actually get prevented from reading/writing outside the workspace? If not, treat this as having full filesystem access and only enable it when you trust the agent and logs/auditing. Consider: 1) testing with a harmless file outside the workspace to confirm enforcement, 2) limiting autonomous invocation or requiring manual approval for file operations, 3) ensuring audit logs capture file reads/writes, and 4) avoiding giving this skill access if you must protect secrets or system files.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk97b4q9j4xf5k3f4x2c38mbk5582d3tf

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

使用建议

当你需要查看、编辑或列出工作区内的文件时使用本技能。
仅访问相对路径或工作区子目录，避免越权访问用户其他目录。
典型场景：查看日志、生成 Markdown 报告、保存脚本或配置文件。

安全约束

禁止在 workspace 之外执行写入操作。
避免删除用户重要文件，如配置、源码或系统文件。

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…