ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Unzip Files with WinRAR

v1.0.1

cross-platform rar and winrar command-line archive handling for windows and linux. use when chatgpt needs to compress or extract archives with rar or winrar,...

0· 26·0 current·0 all-time
byMason@zkcloud
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the runtime instructions: detect rar/winrar, repair PATH, run extraction/compression commands, handle multipart and passworded archives, and fall back to official downloads. The declared requirements (none) are proportionate to an instruction-only helper.
Instruction Scope
Instructions stay focused on archive handling and related troubleshooting. Two things to be aware of: (1) examples show passing passwords on the command line (rar -p...), which can expose secrets in process lists, logs, or transcripts; (2) the skill suggests persistent PATH edits and downloading official installers — both are reasonable for this purpose but can change system state and may require elevated privileges. The SKILL.md does not instruct reading unrelated files or exfiltrating data.
Install Mechanism
This is instruction-only (no install spec, no code files). The only external endpoints mentioned are official-looking WinRAR download URLs on win-rar.com rather than unknown shorteners or personal servers, which is proportionate for the stated fallback behavior.
Credentials
No environment variables or credentials are requested by the skill metadata. Password handling is user-provided and shown in examples, but the skill does not demand or store secrets itself.
Persistence & Privilege
always:false and normal autonomous invocation. The skill recommends persistent PATH changes (setx) and possibly running installers, which can alter system state and require admin privileges — this is coherent with its goal but is a system-impacting action users should permit explicitly.
Assessment
This skill appears coherent for rar/winrar command-line help. Before installing or invoking it: (1) verify the download URLs are acceptable (they point to win-rar.com in the instructions); (2) avoid supplying passwords on the command line when possible because -p exposes secrets to process listings and logs — prefer interactive supply or other secure mechanisms; (3) persistent PATH edits and running installers will change system state and may require admin rights — only allow those actions if you trust the source and intend the change; (4) if you do not want an agent to autonomously download or install software, disable autonomous invocation or confirm actions before proceeding; (5) if uncertain, run commands in an isolated VM or container first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9776fdv1zbne9y06cmtqwjzvh84egj3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments