ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Filesystem

v1.0.0

Perform advanced filesystem tasks including listing, recursive searching by name or content, batch copying/moving/deleting files, and analyzing directory siz...

8· 10.5k·305 current·322 all-time
by@amaofx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name and content both describe filesystem listing, searching, batch operations and analysis. There are no unrelated environment variables, binaries, or installs requested — everything the skill needs is standard shell utilities, which is proportionate to its purpose.
Instruction Scope
The SKILL.md is an explicit set of shell commands (find, grep, cp, mv, rm, sed, etc.) that operate on the agent's current filesystem. This is expected for a filesystem tool, but many examples are destructive (delete, move, bulk rename). The instructions do not attempt to read remote endpoints or unrelated credentials, but they do allow modification/deletion of local files — the user should be aware of that risk.
Install Mechanism
There is no install spec and no code to download or write to disk. The document only suggests optional tools (tree, fd, ripgrep) and shows brew install commands — these are normal recommendations and not executed automatically by the skill.
Credentials
The skill requires no environment variables, credentials, or configuration paths. It does note that some operations may require sudo, which is accurate and proportional to filesystem operations.
Persistence & Privilege
The skill is not marked always:true and does not request persistent presence or modify other skills' settings. Default autonomous invocation is allowed by platform but is not unusual or elevated for this skill.
Assessment
This skill is essentially a cookbook of shell commands for working with files and directories. It does not request credentials or install code, but many examples perform destructive actions (bulk delete, move, rename). Before using: (1) run on a non-production copy or in a container/VM if possible, (2) inspect and confirm any command the agent plans to run (especially find ... -delete, mv, rm), (3) list targets first (e.g., use find ... -print or a dry-run) and back up important data, and (4) consider restricting autonomous invocation if you don't want an agent to run filesystem-modifying commands without explicit approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f2mkpvpqc0n7et715c053f18114gs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments