ClawHub

File Writer

v1.0.0

Safely write or update large files over 5000 bytes by reading, incrementally editing small sections, verifying each change, and using fallback recovery methods.

0· 577·9 current·11 all-time
byYuKaiXu@ykaixu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (safe file writes for large files) match the SKILL.md: the instructions describe reading, chunking, editing, verifying, backing up and restoring files. There are no unrelated env vars, binaries, or installs requested.
Instruction Scope
The runtime instructions explicitly tell the agent to read, edit, write and copy arbitrary file paths and to run checks (e.g., cp, wc, read with offsets). Those actions are appropriate for a file-writer skill, but they give broad file-system read/write capability — which is powerful and should be constrained by runtime permissions and deployed agent policy.
Install Mechanism
No install spec and no code files — the skill is instruction-only so nothing is downloaded or written to disk by an installer.
Credentials
The skill requires no environment variables, credentials, or config paths beyond normal file paths, which is proportionate to its stated purpose.
Persistence & Privilege
always is false and there is no indication the skill requests persistent or elevated platform privileges; autonomous invocation is allowed by default but not combined with other risk signals here.
Assessment
This skill is internally consistent and appears to do what it says, but it grants the agent the ability to read and write arbitrary files (including recommended use of cp/backups). Before installing or enabling it: (1) confirm what the agent-provided commands like read/edit/write map to in your runtime and ensure they enforce OS file permissions; (2) restrict the agent's filesystem access (or sandbox it) so it cannot touch sensitive system or credential files; (3) test the strategy on non-sensitive files first; (4) require backups and logging for any production file changes; and (5) consider adding a wrapper or policy that limits allowed target paths and enforces review for destructive changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk977jt459y74swbypn4vtmpqg181ze81

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments