file-batcher-tool
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user asking to convert images could lose the original files unexpectedly.
The conversion command removes the original image after creating the new format. The SKILL.md describes this as image conversion but does not disclose that originals will be deleted.
convert "$file" "${file%.*}.$format" && rm "$file" && ((count++))
Disclose that conversion replaces/removes originals, or preserve originals by default. Add an explicit confirmation or dry-run mode before deleting files.
A mistaken or adversarial size argument could cause unintended filesystem behavior when searching for large files.
The user-controlled size value is inserted into a find command without validation or quoting, so malformed input could alter the find expression rather than only set a size threshold.
local size="${2:-100M}" ... find "$folder" -type f -size +$size -exec ls -lh {} \;
Parse the --size option correctly, validate it against a strict size pattern, and pass it as a single quoted argument such as -size "+$size".
The conversion feature may fail until the user installs an external package.
The script requires ImageMagick for conversion at runtime, but the registry requirements declare no required binaries.
if ! command -v convert &> /dev/null; then ... Install: brew install imagemagick
Declare ImageMagick as an optional or required dependency and advise users to install it only from trusted package managers.
