Workspace Org
PassAudited by ClawScan on May 7, 2026.
Overview
This skill appears to be a transparent workspace-organization helper, with the main caution that its optional apply script can move files when run with --execute.
This looks safe to install as a workspace-convention skill. Before running apply.py with --execute, check the dry-run output and confirm it is pointed at the intended workspace. Treat files/inbox and files/outbox as shared handoff areas.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong directory, files could be moved into the skill's files/ layout and existing paths may change.
The apply helper can move files within the chosen workspace when explicitly run with --execute. This matches the skill's purpose and is dry-run by default, but it is still local file mutation authority.
parser.add_argument("--execute", "-x", action="store_true") ... a["source"].rename(a["target"])Run the dry run first, confirm the workspace path, and only use --execute after reviewing the planned moves.
Files placed in inbox/outbox may be read or acted on by other agents using the same workspace convention.
The skill defines local folders for agents to exchange deliverables. This is purpose-aligned, but users should treat these folders as shared handoff locations.
**Cross-agent handoff**: sender writes to `files/outbox/`, receiver picks from `files/inbox/`.
Avoid placing secrets or untrusted executable content in shared handoff folders unless that sharing is intended and reviewed.