File Manager 1.0.0
ReviewAudited by ClawScan on May 10, 2026.
Overview
This file manager mostly matches its purpose, but it can permanently change or delete local files and some safety/provenance details do not match the shipped artifacts.
Use this only on directories you are willing to reorganize, rename, copy, or delete from. Start with preview or --scan-only modes, avoid --delete and --execute until you have reviewed the planned changes, prefer quarantine moves over permanent deletion, and keep backups of important files.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user runs duplicate cleanup on the wrong directory and confirms, files can be permanently deleted rather than moved to a recoverable quarantine folder.
The duplicate cleanup tool defaults to permanent deletion and uses unlink() for files selected as duplicates. Although it asks for confirmation, this is a high-impact local file mutation and is not as conservative as the safety claims in the documentation.
parser.add_argument('--action', choices=['delete', 'move', 'link'], default='delete' ...)
...
if args.action == 'delete':
f.unlink()Run duplicate cleanup with --scan-only first, prefer --action move --to <quarantine_dir>, and make backups before confirming deletion.
Users may trust the stated safety guarantees and approve commands without realizing one script can permanently delete files.
The documentation tells users that all modifying operations default to dry-run and that deletion prefers quarantine, but the included deduplication script defaults to direct deletion after confirmation.
- **预览优先**: 所有修改操作默认执行 dry-run,确认后再执行 - **备份保护**: 删除操作优先移动到隔离区而非永久删除
Treat the safety section as guidance rather than a guarantee; inspect each command’s flags and behavior before allowing execution.
It may be harder to verify who packaged or published this file-mutating skill.
The included package metadata does not match the supplied registry metadata, which lists a different owner ID and slug. This is a provenance inconsistency, not proof of malicious behavior.
"ownerId": "kn78d6pkbd43hwzv1f4rc30ymh820fsv", "slug": "file-manager"
Verify the publisher/source before running commands that modify or delete important files.
A scheduled job could continue reorganizing files automatically after the original task is complete.
The reference material suggests adding scheduled cron automation. This is user-directed and purpose-aligned, but it creates persistent file-moving behavior if installed.
0 * * * * python organize.py ~/Downloads --by-type --execute --move
Only add scheduled jobs intentionally, document them, and test on a small directory before using --execute --move.