Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

folder-counter

v1.0.0

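Counts the number of files and the file-type distribution under a specified folder. Use it when the user needs to know how many files a directory contains, or needs to assess file volume before building an index. Trigger phrases: "Help me count how many files are in this folder", "How much stuff is in this directory", "Count the files at this path".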

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (count files and report types) align with the actions shown in SKILL.md. However, the instructions assume a bundled PowerShell script at C:\Users\41049\.openclaw\workspace\skills\folder-counter\scripts\count_files.ps1 even though no code files are present in the skill bundle. The hard-coded example path with a specific username is also unusual and suggests the examples were exported from a single-dev environment.
Instruction Scope
SKILL.md tells the agent (or user) to execute a local PowerShell script to perform counting. Because the skill package contains no scripts, the instructions either: (a) expect a pre-existing local script outside the bundle, or (b) omitted packaging the script. In either case, instructing execution of a local script gives the agent the ability to run arbitrary commands from disk — acceptable for a file-counter only if you can inspect the script beforehand. The instructions do not provide the script contents or a safe fallback; they also reference scanning arbitrary user paths (e.g., D:\项目作品), which is within scope but emphasizes the need to review the actual script.
Install Mechanism
This is an instruction-only skill with no install spec, so nothing is written to disk by the skill itself. That lowers supply-chain risk. The inconsistency is that SKILL.md references a script that isn't packaged — a missing artifact rather than a risky installer.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate for a local folder-counting task.
Persistence & Privilege
always is false and the skill is user-invocable / can be autonomously invoked (the platform default). The skill does not request persistent presence or modify other skills. No additional privilege concerns in the manifest.
What to consider before installing
This skill's purpose (counting files) is reasonable, but the SKILL.md expects you to run a local PowerShell script that is not present in the package. Before installing or invoking it: (1) ask the publisher for the missing scripts or the script source and review the code — do not run unknown PowerShell scripts; (2) if you must run it, inspect the script locally to ensure it only enumerates files and does not execute other commands or exfiltrate data; (3) test on a non-sensitive sample folder first and avoid running as administrator; (4) if the author cannot provide the script or a trustworthy source, treat the skill as incomplete and do not run it.
