ClawHub

Tar

v3.0.1

Create, extract, list, and compress tar archives with format support. Use when scanning contents, monitoring sizes, reporting results, alerting corruption.

0· 193·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md commands, and the included scripts all implement archive creation, listing, extraction, inspection, diffing and verification using system tar/file utilities — the requested capabilities align with the stated purpose.
Instruction Scope
SKILL.md directs the agent to run the bundled scripts/script.sh with explicit subcommands; the script only operates on provided archive paths and uses standard local utilities. It does not reference external endpoints, secrets, or unrelated system paths. Note: extracting untrusted archives may cause path traversal or overwrite issues because tar is invoked without sandboxing — this is a usage/security caveat, not an incoherence.
Install Mechanism
No install spec or network downloads are present; the skill is instruction-only with a local script, so nothing is fetched or written to disk by an installer.
Credentials
The skill requires no environment variables or credentials. The script uses common utilities (tar, file, du, stat, grep, sort, comm) which are appropriate for an archive tool.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent settings. It does not request persistent presence or elevated privileges.
Assessment
This skill is a simple shell wrapper around the system tar and related utilities and appears to do what it says. Before installing/using: (1) inspect scripts/script.sh yourself (it's executed locally); (2) ensure tar/file are the expected system binaries; (3) avoid extracting untrusted archives in sensitive directories — tar can contain absolute paths or ../ entries and may overwrite files; (4) be cautious when passing untrusted filenames or patterns (shell/tar/grep will process them); and (5) run in a sandbox or with limited permissions if you will operate on archives from unknown sources.

Like a lobster shell, security has layers — review code before you run it.

latestvk975cn6c1fxvpmjgg5e3wm9bws837gcw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments