ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

unzip-all

v1.0.0

递归解压所有嵌套的压缩包(zip/7z/rar),支持中文文件名。用于解压包含多层嵌套压缩包的文件夹。

0· 105·0 current·0 all-time
by@tang-dafa
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included script: the Python script recursively extracts .zip/.7z/.rar files and handles GBK-encoded Chinese filenames. Required capabilities (7‑Zip for .7z/.rar) are documented in SKILL.md.
Instruction Scope
SKILL.md instructs the agent to extract files or folders and documents behavior (recursive extraction, GBK handling, and deleting originals). Nothing in the instructions or code attempts to read unrelated user files, call external network endpoints, or access unrelated credentials. Two operational risks: (1) the script deletes original archives after successful extraction (documented, but destructive), and (2) the zip extraction lacks protection against path traversal (zip-slip), so a malicious archive could write files outside the intended folder.
Install Mechanism
Instruction-only skill with an included Python script and no install spec. No downloads or third-party install steps are performed by the skill itself.
Credentials
The skill requests no environment variables or credentials. It does access the Windows registry to find 7z.exe (to locate 7‑Zip), which is reasonable for the stated Windows-targeted behavior but is not declared as an OS restriction.
Persistence & Privilege
No 'always' flag and no code that modifies other skills or agent-wide configuration. The skill runs only when invoked.
Assessment
This skill appears to do exactly what it says, but take precautions before using it on important data: - Backup your archives or test the skill on a copy first — the script deletes original archives after successful extraction. - The zip extraction does not sanitize archive member names (no zip-slip protection). Malicious archives could write files outside the target folder; avoid running this on untrusted archives or add path-sanitization checks (ensure final paths are under the extraction directory using abspath checks). - The script searches the Windows registry for 7‑Zip and uses Windows-style paths; it may not work on non-Windows systems or systems where 7z is in PATH but not registered. Confirm 7‑Zip is installed and accessible. - If you want safer behavior, modify the script to: (a) not auto-delete originals (or make deletion optional), (b) validate member paths (reject absolute paths and any path that escapes the target directory), and (c) look for 7z on PATH for non-Windows OSes. If you accept those limitations and run it in a controlled environment (or after applying the suggested fixes), the skill is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk970x1sw9ke9ec40m613m7h2yd83mgpz
105downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@tang-dafa
latest
Download

unzip-all

递归解压文件夹中的所有压缩包,包括嵌套的 .zip、.7z、.rar 文件,自动处理中文文件名编码。

使用方法

当用户说类似"解压这个文件"、"解压这个文件夹"、"把里面的压缩包都解开"时使用。

解压单个压缩包(自动处理嵌套)

把 C:\Users\tangd\documents\project.zip 解压

→ 会解压 zip,然后检查解压后的文件夹,如果有嵌套的压缩包也会自动解压

解压文件夹内所有压缩包

把 C:\Users\tangd\documents\project\ 文件夹里的压缩包都解压

注意事项

  • 需要安装 7-Zip(用于解压 .7z 和 .rar 文件)
  • 自动使用 GBK 编码处理中文文件名
  • 解压后自动删除原压缩包
  • 递归处理直到没有嵌套压缩包

错误处理

如果遇到无法解压的情况:

  • 会显示具体错误原因
  • 保留原压缩包(不会删除)
  • 跳过失败的压缩包,继续处理其他的
  • 最后汇总报告所有失败的文件

Comments

Loading comments...