Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exfat Recovery

v1.0.0

Recover corrupted exFAT USB drives on Windows without formatting. Diagnose boot region corruption, repair with chkdsk or TestDisk, and prevent future corrupt...

by Solomon Neas (@solomonneas)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill claims to diagnose and repair exFAT boot-region corruption and to provide prevention scripts. The SKILL.md and included references provide PowerShell diagnostic commands, chkdsk usage, TestDisk guidance, and scripts to back up/restore boot region and register shutdown/scheduled tasks — all directly relevant to the described purpose.
Instruction Scope
Instructions include running commands as Administrator, reading from and writing raw disk devices (e.g. \\.\PhysicalDriveN), invoking chkdsk, and modifying Group Policy/registry keys. Those actions are necessary for boot-region backup/restore and prevention, but they are high-impact and must be executed carefully (wrong disk/offset will corrupt other volumes). The skill does not explicitly state the required Administrator privilege level, which is an important practical detail.
Install Mechanism
This is instruction-only (no install spec, no code to fetch). The only external tool recommended is TestDisk with a link to the official site (cgsecurity.org). No remote downloads or archives are automatically fetched by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. However, the runtime actions require Administrator access and write access to raw device paths and HKLM registry keys. Those privileges are proportional to the prevention (scheduled task as SYSTEM, Group Policy changes) but are high privilege and not explicitly documented as required in the metadata.
Persistence & Privilege
The prevention workflow instructs creating a scheduled task that runs as SYSTEM and registering a Group Policy shutdown script via HKLM — both create persistent, high-privilege system changes. While these are coherent with the prevention goals, they increase attack surface and should only be applied by a knowledgeable administrator after verifying disk identifiers and script contents.
Assessment
This skill appears to do what it says, but it performs high-impact, privileged operations. Before using it: (1) Understand that you must run commands as Administrator and be extremely careful selecting the correct PhysicalDrive number and partition offset — writing to the wrong device will irreversibly damage data. (2) Back up any critical data (or work on a disk image) before attempting writes or restores. (3) Only download TestDisk from the official site linked in the instructions. (4) Review the scheduled-task and Group Policy changes; creating tasks that run as SYSTEM or adding shutdown scripts changes system behavior and should be applied intentionally. (5) If you are unsure, seek help from an experienced sysadmin or data-recovery professional rather than running raw-disk write operations yourself.

Like a lobster shell, security has layers — review code before you run it.

latest vk97c299gxdbdb269s4wme33brx838w7e
