Ai File Organizer

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its file-organizing purpose, but it can bulk change files and auto-sync them to cloud services while credential handling and safety claims are unclear.

Review this skill before installing. If you use it, start with dry-run or interactive mode on a small folder, avoid sensitive directories, keep cloud sync disabled unless needed, and do not store real cloud secrets in plaintext config files.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the skill may use your cloud account and upload organized files; copied setup commands may also place secrets into a local config file.

Why it was flagged

Cloud sync uses user cloud credentials and can automatically upload organized files. The supplied registry requirements list no env var declarations or primary credential, so this account authority is not consistently declared.

Skill content

access_key: "${ALIYUN_ACCESS_KEY}"
secret_key: "${ALIYUN_SECRET_KEY}"
bucket: "my-organized-files"
auto_sync: true

Recommendation

Only enable cloud sync for folders you intend to upload, use least-privilege cloud credentials, protect config files, and prefer environment variables or a secret manager.

What this means

Users may overtrust the protection of cloud credentials or sensitive configuration data.

Why it was flagged

The documentation makes a strong encrypted-storage claim, but the provided cloud setup also shows access keys and secret keys in a YAML config workflow, and the visible artifacts do not establish how encryption is enforced.

Skill content

- **Encrypted storage**: Sensitive information in the configuration file is stored encrypted

Recommendation

Treat credential storage as unverified unless the maintainer documents and implements encryption; do not store real secrets in plaintext config files.

What this means

A mistaken path or configuration could reorganize many files at once.

Why it was flagged

The skill is explicitly designed to read, copy, rename, classify, and move many files. This is purpose-aligned, but high-impact if run on the wrong directory.

Skill content

python scripts/organizer.py --organize ~/Downloads --target ~/Organized
python scripts/organizer.py --duplicates ~/Files --move-to _duplicates

Recommendation

Start with a small test folder and use dry-run or interactive preview before running on important directories.

What this means

Private documents could be analyzed by or synced to third-party providers when configured.

Why it was flagged

External AI/cloud provider endpoints are disclosed and match the stated cloud/AI features, but users should understand that files, content, or metadata may leave the local machine if those features are enabled.

Skill content

"network": true,
"networkEndpoints": [
  "dashscope.aliyuncs.com",
  "api.aliyundrive.com",
  "pan.baidu.com"
]

Recommendation

Disable AI/cloud features for sensitive folders unless you are comfortable with the provider’s data handling.

What this means

Local metadata about organized files may remain after the task finishes.

Why it was flagged

The organizer keeps a persistent cache in the user's home directory. This is useful for performance, but may retain file hashes, paths, categories, or other metadata across runs.

Skill content

self.cache_dir = cache_dir or os.path.join(Path.home(), '.ai-organizer', 'cache')
self.cache_file = os.path.join(self.cache_dir, 'file_cache.json')

Recommendation

Clear the cache after organizing sensitive files or run with cache disabled where privacy matters.

What this means

Dependency versions may change over time or come from the user's default package index.

Why it was flagged

The skill instructs manual installation of unpinned Python packages and has no install spec. This is common for Python tools but leaves dependency version/provenance controls to the user.

Skill content

pip install aiofiles aiomultiprocess tqdm pyyaml

Recommendation

Install in a virtual environment, pin versions if possible, and use trusted package indexes.

What this means

Scheduled runs could repeatedly reorganize or sync files, including newly downloaded sensitive files.

Why it was flagged

The documentation suggests user-created scheduled execution. This is disclosed and user-directed, but it means the organizer can keep acting on files without a fresh manual prompt.

Skill content

crontab -e
0 2 * * 0 python /path/to/organizer.py --organize ~/Downloads

Recommendation

Only add scheduled jobs after testing, keep the folder scope narrow, and remove the cron entry when no longer needed.