ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Batch Renamer

v1.0.1

批量文件重命名工具,支持多种命名模式、正则表达式、预览和撤销功能。适用于需要批量整理文件的场景,如照片整理、文档归档、下载文件重命名等。

1· 430·1 current·1 all-time
by@utopiabenben
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (batch renaming with preview and undo) matches the included Python script: it lists files, generates names, writes a local backup file, renames, and can undo. However the SKILL.md/README recommend npm installation and claim JavaScript regex syntax, which does not cleanly match the Python implementation.
!
Instruction Scope
SKILL.md instructs npm install -g and describes JavaScript-style regex usage; the actual runtime instructions in the Python script expect running python3 batch_renamer.py. The docs encourage using 's/.../.../' style regexes, and the script attempts to parse that form, but its implementation is incorrect (uses non-existent re.GLOBAL and mixes JS-style expectations with Python re). This is scope/instruction mismatch and can cause surprising failures.
!
Install Mechanism
No install spec is provided in the skill manifest (instruction-only), but SKILL.md shows an 'npm install -g batch-renamer' command. Because there's no declared install mechanism and the included code is Python, the npm instruction is misleading and could lead users to install an unrelated npm package (which would be a separate security risk).
Credentials
The skill requests no environment variables, no credentials, and no config paths. Its operations are local file I/O limited to the target directory and a local backup file (.batch-renamer-backup.json), which is proportionate to its stated purpose.
Persistence & Privilege
The skill does not request persistent/global privileges or 'always' inclusion. It stores a backup mapping file in the target directory (expected for undo support) and does not modify other skills or system-wide settings.
What to consider before installing
This package appears to be a local Python batch-renamer and does not try to exfiltrate data or access secrets — but there are coherence problems you should consider before installing or running it: - Documentation vs implementation mismatch: SKILL.md/README advise 'npm install -g batch-renamer' and state JavaScript regex syntax, while the bundled file is a Python script (batch_renamer.py). Do NOT run npm install unless you intend to install an npm package from the registry; that could fetch unrelated code. - Implementation bugs: apply_regex uses 're.GLOBAL' (which doesn't exist) and mixes JavaScript-style 's/.../.../' parsing with Python's re library. This will likely cause regex failures or exceptions. Expect to test with --preview first. - Safe testing steps: run the Python script directly (python3 batch_renamer.py) in a safe, small test directory or copy of your files; always use the --preview flag first to verify mappings; check the .batch-renamer-backup.json file before executing; keep a manual backup of important files. - Additional verification: if you plan to install a globally published package, confirm the package author and inspect the package contents (npm registry or source repo). If this skill will be used by others or in production, ask the author for provenance or a trusted release; resolving the npm vs python mismatch and fixing the regex handling would increase confidence. If you want, I can: 1) point out the exact lines to fix in apply_regex, 2) produce a corrected version of the script that properly supports 's/old/new/g' semantics in Python, or 3) draft safer installation/run instructions that avoid npm ambiguity.

Like a lobster shell, security has layers — review code before you run it.

latestvk977sb970981xhgzqm39ybaecx838nfc
430downloads
1stars
3versions
Updated 8h ago
v1.0.1
MIT-0
@utopiabenben
latest
Download

Batch Renamer - 批量文件重命名工具

功能特性

  • ✅ 多种命名模式:序号、日期、自定义前缀/后缀
  • ✅ 正则表达式支持:灵活匹配和替换
  • ✅ 预览功能:先预览,确认后再执行
  • ✅ 撤销操作:支持撤销最近一次重命名
  • ✅ 安全可靠:自动备份原始文件名

安装

npm install -g batch-renamer

快速开始

1. 序号重命名

batch-renamer rename ./photos --pattern "photo_{001}.jpg"

2. 日期重命名

batch-renamer rename ./docs --pattern "doc_{YYYY-MM-DD}.md"

3. 正则表达式替换

batch-renamer rename ./downloads --regex "s/^DSC_/photo_/"

4. 预览模式(不实际执行)

batch-renamer rename ./photos --pattern "photo_{001}.jpg" --preview

5. 撤销操作

batch-renamer undo ./photos

详细使用说明

命名模式变量

  • {001} - 三位序号(自动补零)
  • {01} - 两位序号
  • {1} - 一位序号
  • {YYYY} - 四位年份
  • {MM} - 两位月份
  • {DD} - 两位日期
  • {HH} - 两位小时
  • {mm} - 两位分钟
  • {original} - 原始文件名(不含扩展名)
  • {ext} - 原始扩展名

正则表达式语法

使用 JavaScript 正则表达式语法:

# 替换前缀
batch-renamer rename ./files --regex "s/^old_/new_/"

# 删除空格
batch-renamer rename ./files --regex "s/\s+/_/g"

# 提取数字
batch-renamer rename ./files --regex "s/.*?(\d+).*/file_$1/"

安全措施

  1. 预览模式:默认先显示预览,需要确认后才执行
  2. 自动备份:执行重命名前自动保存映射关系
  3. 撤销功能:随时可以撤销最近一次操作
  4. dry-run 选项:使用 --preview 或 --dry-run 查看效果

示例场景

场景 1:整理照片

# 将 DSC_0001.jpg 重命名为 2026-03-05_001.jpg
batch-renamer rename ./photos --pattern "{YYYY-MM-DD}_{001}.jpg"

场景 2:整理下载文件

# 将 "下载 (1).pdf" 重命名为 document_001.pdf
batch-renamer rename ./downloads --pattern "document_{001}.{ext}"

场景 3:批量替换

# 将所有文件名中的 "v1" 替换为 "v2"
batch-renamer rename ./files --regex "s/v1/v2/g"

配置文件

可以在项目根目录创建 .batch-renamer.json 配置默认选项:

{
  "preview": true,
  "backup": true,
  "pattern": "{001}.{ext}"
}

故障排除

  • 撤销失败:确保在同一目录下执行,且备份文件未被删除
  • 正则表达式错误:检查语法,可使用 --preview 先测试
  • 权限问题:确保有文件读写权限

更新日志

v0.1.0 (2026-03-05)

  • 初始版本发布
  • 支持基础重命名功能
  • 支持预览和撤销

Comments

Loading comments...