Folder Tree Generator
PassAudited by ClawScan on May 1, 2026.
Overview
The skill does what it claims—prints directory trees—but users should avoid running it on broad or sensitive folders because filenames and paths may appear in the output.
This appears safe for its stated purpose. Before installing or using it, remember that directory listings can still reveal sensitive filenames and paths; provide a specific target directory and depth limit when possible.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run on a sensitive directory, private project names, filenames, and paths could be placed into the agent conversation or logs.
The skill recursively enumerates a chosen directory and defaults to unlimited depth, which is central to its purpose but can reveal local file and folder names or produce very large output if pointed at a broad location.
const { maxDepth = Infinity, ignore = ['.git', 'node_modules', '.DS_Store'], currentDepth = 0 } = options; ... fs.readdirSync(dirPath) ... .map(child => generateStructure(path.join(dirPath, child), ...))Run it only on intended folders, use --depth for large trees, and avoid scanning home, root, secrets, or other sensitive directories unless you are comfortable exposing the listing.