v1.0.0

File Search

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

This is a simple local file-search skill using standard fd and ripgrep commands, with the main caution that searches may reveal local file names or contents if run on sensitive folders.

Guidance: This skill appears safe and purpose-aligned for local file searching. Before installing or using it, make sure fd and ripgrep come from trusted repositories, and avoid pointing searches at folders that may contain passwords, private documents, or other sensitive information unless you intend those matches to be visible to the agent.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
SKILL.md
rg "TODO|FIXME" /home/xrx/projects

The skill demonstrates searching local file contents with ripgrep. This is expected for a file-search skill, but it can reveal private information if run against sensitive directories.

User impact: Search results may bring local file names or matching file contents into the agent conversation.
Recommendation: Use the skill only on intended folders and avoid running broad searches over directories that may contain secrets, credentials, or personal data.

Agentic Supply Chain Vulnerabilities
Severity: Info, Confidence: High, Status: Note
SKILL.md
sudo dnf install fd-find ripgrep

The install instruction uses the system package manager to install required binaries. This is purpose-aligned and user-directed, but it is still a privileged setup action.

User impact: Installing packages changes the local system and relies on the configured OS package repositories.
Recommendation: Install fd-find and ripgrep from trusted repositories and review package-manager prompts before approving the installation.