Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

agent-everything.exe

v1.0.0

Fast indexed local file and path search on Windows using voidtools Everything. Use this whenever a task needs local file lookup, path lookup, recent-file dis...

by Zhongyi "William" Qiu (@williamq96)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name and description match the implementation: the Python + PowerShell wrappers provide an 'ev' CLI that queries the Everything index and can install shims. The requested/used capabilities (writing shims, running PowerShell, querying Everything) are proportional to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to bootstrap the provided CLI wrapper when Everything is missing and then prefer 'ev' for indexed searches. The instructions do not ask the agent to read unrelated secrets or system files beyond installing and using the local search wrapper. The guidance to default to 'ev' for subsequent tasks is broad but consistent with the skill's role.
Install Mechanism
There is no formal install spec in the registry metadata (instruction-only), but the included Python/PowerShell code writes files to disk (LOCALAPPDATA/TEMP or user home), materializes a PowerShell script and can download vendor 'es.exe' at runtime. The runtime launches PowerShell with ExecutionPolicy Bypass to run the script. These behaviors are expected for a shim/CLI installer but increase risk compared with a pure instruction-only skill because binaries and scripts are written and executed locally.
Credentials
The skill does not request external credentials or env vars. However, the Python installer will modify HKEY_CURRENT_USER\Environment (user PATH) to add the shim directory and broadcasts the change — a reasonable approach for installing a CLI shim but a privileged persistent change to your user environment. The skill sets internal env overrides for its subprocess but does not require secrets.
Persistence & Privilege
The skill is not always:true and is user-invocable. It does persistently modify the user environment when asked to install shims (writes files to a shim directory and appends that directory to the user's PATH). This is expected for a shim installer but is a lasting change that users should approve.
Assessment
This skill appears to do what it claims (wrap Everything and install an 'ev' shim), but it will: (1) write files into a cache/runtime directory, (2) materialize and execute a PowerShell script with ExecutionPolicy Bypass, (3) potentially download the vendor 'es.exe' binary at runtime, and (4) modify your user PATH (HKCU\Environment) to add the shim directory. Before installing or running the 'ensure --install-shim' flow, review the included scripts (already present in the bundle), confirm the source and integrity of any downloaded es.exe (the code does not show a checksum verification), and decide whether you want a persistent PATH change. Also ensure you are comfortable allowing PowerShell and Python to run the packaged scripts on your machine.


latest: vk979mfw67bexwyk6mfk401qqa1833cvp
