ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

File Organizer

v1.0.0

Automatically sort and rename files by type into structured folders with undo support, configurable filters, and dry-run preview for safe batch organization.

0· 17·0 current·0 all-time
by@indigas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the script sorts, renames, provides dry-run and undo functionality. However SKILL.md/README claim features that the visible script doesn't implement or fully support (e.g., automatic creation of ORGANIZE_LOG.json after each run, safety check that 'only restores if files haven't been modified since', and integration with cron-manager/cloud). Those claims are not present in the shown code.
Instruction Scope
Runtime instructions are limited to organizing directories and using dry-run/undo — appropriate for the purpose. But the instructions assert behaviors (persistent logging, modification-time checks before restore) that are not implemented in the visible code. The SKILL.md also suggests integrations (cron-manager, cloud) without code or config demonstrating those integrations.
Install Mechanism
No install spec (instruction-only + included scripts) — lowest install risk. There are no network downloads or unusual install steps in the manifest.
Credentials
No credentials, no environment variables, and no access to unrelated system config are requested. The skill only needs filesystem access (source/target paths), which is proportionate to its stated purpose.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It writes logs and moves files within the filesystem (normal for this utility). No evidence it modifies other skills or global agent config.
What to consider before installing
This skill appears to implement a sensible file organizer, but the docs and tests claim behaviors the code doesn't clearly provide. Before installing or running it with real data: (1) Review the full scripts (the main script was truncated in the manifest) to confirm it actually writes ORGANIZE_LOG.json after each run and implements the 'only restore if file unchanged' safety check the docs promise; (2) Run the script in --dry-run mode on a copy of a folder and verify the output; (3) Do not run a non-dry-run operation directly on important directories (Downloads/Desktop) without backing them up; (4) If you rely on undo, ensure the tool persists a properly structured log and that undo returns structured results (the tests expect a returned dict but the visible undo function prints and returns None); (5) If you need cron or cloud integration, add explicit, audited integration code rather than trusting the README's claims. These inconsistencies look like sloppy/incomplete implementation rather than malicious intent, but they do increase risk of unexpected file moves or loss if used blindly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f8w2db2m80z3td2p7gcfykh8501kq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments