ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Local File Manager

Read, write, append, and list local files in the session's working directory. Use when you need to persist output to disk, read input files, or manipulate fi...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 108 · 0 current installs · 0 all-time installs
by@liyico
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (read/write/list files in the session cwd) is consistent with the code and SKILL.md. However the packaged metadata is inconsistent: skill.json names Python entry points and requirements, while the repo contains a TypeScript entry (index.ts) and a bash script. The index.ts references a hard-coded absolute script path (/Users/nico/...), which is a developer-specific path and unlikely to exist in a user's environment. These mismatches suggest sloppy packaging or leftover dev state.
!
Instruction Scope
The SKILL.md and the shell script implement a sandbox-to-cwd model and list reasonable options. But the README/examples mention absolute paths (e.g., /var/log/automation.log) that contradict the stated 'sandboxed to cwd' behavior (the script strips leading slashes). More importantly, the TypeScript entry builds a shell command by concatenating unescaped arguments into a single exec string, which lets specially crafted content or path values alter the shell invocation (command injection risk). The runtime also logs to ~/.openclaw/logs/file-manager.log, which is outside the session cwd but documented — this is plausible but should be noticed by users.
Install Mechanism
No install spec or remote downloads are present (instruction-only / local code bundled). That lowers supply-chain risk. No external URLs or archive extraction steps are used.
Credentials
The skill declares no required environment variables in registry metadata, while SKILL.md documents optional env vars (FILE_MANAGER_MAX_SIZE, FILE_MANAGER_LOG, FILE_MANAGER_DRY_RUN) — this is reasonable. skill.json restricts file permissions to the workspace (~/.openclaw/workspace/**), which aligns with the stated intent. There is no request for unrelated credentials. However, the hard-coded scriptPath in index.ts and the log file written under the user's home indicate the code assumes access to specific user paths; that reduces portability and may surprise users.
Persistence & Privilege
The skill does not request permanent/always-on privileges, does not modify other skills, and is user-invocable only. Its logged operations are local to the user account (writes to ~/.openclaw/logs by default).
What to consider before installing
This skill appears to implement local file operations but has packaging and safety issues you should resolve before trusting it with important data. Key concerns: (1) index.ts hard-codes a developer path (/Users/nico/...) — the skill may fail or behave unexpectedly on your system; ask the author to use a relative path or bundle the script location. (2) index.ts concatenates arguments into a shell command without escaping — this can lead to command injection if untrusted content is passed; request that the author use spawn/execFile with an args array or properly escape/validate inputs. (3) skill.json lists Python entry points that don't exist — metadata should match the actual files. (4) Examples in SKILL.md showing absolute paths are misleading given the script's sandboxing; request clearer documentation. If you decide to install: do not run with sensitive files or elevated privileges until these issues are fixed, run in an isolated environment, and ask the maintainer to patch argument handling and packaging inconsistencies.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk978pzrg9hrqksd1ge3y1v71hh83n2x0localvk978pzrg9hrqksd1ge3y1v71hh83n2x0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Local File Manager Skill

This skill provides safe file I/O operations within the session's cwd. It is designed for roles that need to store outputs locally (no cloud sync).

Capabilities

  • Read file: Get contents of a text file
  • Write file: Create or overwrite a file
  • Append file: Add content to existing file
  • List files: Directory listing with filtering
  • Delete file: Remove a file (with safety checks)
  • Copy/Move: Simple file operations

When to Use

Role needs to:

  • Save generated code/analysis to disk
  • Read input documents (PDFs, text, etc.)
  • Append logs or results
  • Create output files in Markdown/JSON/CSV

Usage

# Read a file
file-manager --action read --path output.md

# Write content (from stdin or --content)
file-manager --action write --path result.json --content '{"status":"done"}'

# Append to file
file-manager --action append --path log.txt --content "Job completed at $(date)"

# List files in directory
file-manager --action list --dir . --pattern "*.md"

# Create directory
file-manager --action mkdir --dir reports

# Delete file (with confirmation)
file-manager --action delete --path old_file.txt

Safety

  • Sandboxed to cwd: Cannot access files outside session's working directory
  • Protected files: Cannot delete files starting with . or in ../
  • Size limit: Max file size 10MB (configurable)
  • Dry-run support: --dry-run shows what would happen

Integration with Roles

In role config, enable this skill:

plugins:
  allow:
    - local-file-manager
    - doc-parser

Then in the role's system prompt, guide usage:

When you finish analysis, write the result to a file:
  file-manager --action write --path summary.md --content "$YOUR_MARKDOWN"

Examples

Researcher saving analysis:

file-manager --action write --path analysis_$(date +%Y%m%d).md \
  --content "# Analysis\n\n## Summary\n..."

Developer saving code:

file-manager --action write --path src/main.py --content "$CODE"

Automation appending log:

file-manager --action append --path /var/log/automation.log \
  --content "[$(date)] Task completed\n"

Error Handling

  • If file doesn't exist for read: returns error code 1
  • If path is outside cwd: denied
  • If write fails (permission): returns error
  • All errors logged to ~/.openclaw/logs/file-manager.log

Configuration

Environment variables:

  • FILE_MANAGER_MAX_SIZE: Max file size in bytes (default 10485760)
  • FILE_MANAGER_LOG: Path to operation log (default ~/.openclaw/logs/file-manager.log)
  • FILE_MANAGER_DRY_RUN: Set to "1" to only simulate operations

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…