by 安全扫描
OpenClaw
安全
high confidenceThe skill's declared purpose (safe, auditable file operations) matches its instructions and requirements; it is an instruction-only skill that does not request credentials or install code, but it performs destructive file actions so operator controls are still important.
评估建议
This skill appears coherent with its stated goal and does not request credentials or install code, but it performs potentially destructive file operations. Before installing or enabling it: (1) confirm what the platform supplies as the 'workspace root' and ensure the skill cannot escape that scope, (2) require explicit user confirmation for delete/recursive/overwrite actions and test on non-production data, (3) ensure backups created by the skill are stored where you expect and protected, (4) if...详细分析 ▾
✓ 用途与能力
Name, description, and runtime instructions are aligned: the skill describes reading/writing/updating/deleting/moving/copying files with path validation and backups and does not request unrelated binaries, env vars, or external services.
ℹ 指令范围
SKILL.md stays within the stated purpose and contains explicit safety rules (preflight checks, resolved path printing, backups). It does not instruct network transmission or credential access. One ambiguity: it refers to an 'MCP-enabled environment' and 'workspace root(s)' but does not declare how those roots are obtained or enforced — that platform integration detail is external to the skill and should be verified by the deployer.
✓ 安装机制
Instruction-only skill with no install spec and no code files. Nothing is written to disk by the skill itself during installation.
✓ 凭证需求
The skill declares no environment variables, credentials, or config-path requirements. It does not request broad secrets or unrelated access.
ℹ 持久化与权限
always:false (normal) and user-invocable:true. The skill can be invoked autonomously by the agent (disable-model-invocation:false) — this is platform default, but combined with file-editing capabilities it means you should confirm agent policies and prompting/confirmation behavior before allowing autonomous runs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/24
Initial release of file-operations skill. - Perform safe, auditable file operations: read, write, update, delete, move, and copy. - Path validation and scope checks prevent unauthorized file access. - Automatic backups for destructive actions (overwrite, delete) for easy recovery. - Detailed output reporting includes reverted changes and backup locations. - Enforces safety rules to avoid accidental data loss or unauthorized operations.
● 无害
安装命令
点击复制官方npx clawhub@latest install axodus-file-operations
镜像加速npx clawhub@latest install axodus-file-operations --registry https://cn.longxiaskill.com