Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Everyfile
v2026.4.18
ALWAYS use everyfile on Windows for ANY file or folder discovery — both user-requested searches AND your own agent-internal lookups. This includes locating c...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (fast file/folder discovery via Everything) matches the required binary ('ev') and the large SDK/CLI docs included. However the install metadata is inconsistent: SKILL.md and docs indicate a Python package (pip install everyfile) while the registry install entry lists a 'node' kind. This mismatch in install-kind/labels is an incoherence that should be clarified before install.
Instruction Scope
SKILL.md explicitly instructs the agent to ALWAYS use Everything for ANY file or folder discovery, including agent-internal lookups and locating config files. The docs also include examples that enumerate .env files and export results (results.json) and recommend piping results to commands that read file contents. That scope grants the skill broad authority to discover and access potentially sensitive files (credentials, config, secrets) beyond a narrow 'search on request' model.
Install Mechanism
No arbitrary download URLs are present; the docs instruct 'pip install everyfile' which is a typical distribution channel. The registry's install spec incorrectly lists kind:'node' (but still names the package everyfile and binaries ev/every). This mismatch is a packaging/metadata inconsistency worth resolving. Installing from PyPI is moderate risk (review package source) but not an immediate red flag by itself.
Credentials
The skill requests no credentials or env vars, which is appropriate for a local search tool. However, because the instructions encourage system-wide searches (including config and .env files) and export of results, the effective access is very broad and can surface secrets without requiring explicit credentials. The skill's requested environment is minimal, but its operational guidance enables access to sensitive data on disk.
Persistence & Privilege
The skill is not 'always:true' and is user-invocable; model invocation is allowed (default). While that is normal, the combination of autonomous invocation capability plus the SKILL.md instruction to use Everything for internal agent lookups increases the practical blast radius: an agent could autonomously run broad searches and expose sensitive files. This is a policy concern, not an implementation privilege mis-declaration.
What to consider before installing
This skill appears to be a legitimate Everything wrapper, but exercise caution before installing:
1) Clarify the install method — SKILL.md says 'pip install everyfile' while the registry entry lists a 'node' install; only install after confirming the correct package and reviewing its PyPI/source code.
2) Be aware the skill's instructions tell the agent to ALWAYS use Everything for internal lookups (including config/.env) and include examples that collect and export file lists — that can surface secrets.
3) If you proceed, restrict agent permissions and avoid granting automatic/unsupervised invocation for tasks that could enumerate sensitive directories; add policy to exclude paths (e.g., %USERPROFILE%\AppData, credential stores) and enable audit/logging.
4) Consider manually reviewing the everyfile package source on PyPI/GitHub before installing and avoid installing on machines with highly sensitive data unless you trust and have inspected the package.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
OS: Windows
Bins: ev
Install
Install everyfile (pip install everyfile)
Bins: ev, every, everyfile
npm i -g everyfile