by 安全扫描
OpenClaw
可疑
high confidenceNULL
评估建议
This skill claims to be a CLI filesystem tool but the published package lacks the actual 'filesystem' executable referenced throughout the docs; the README and SKILL.md instruct you to git clone and run npm commands (network fetch) even though the manifest does not declare network or git/npm requirements. Before installing or running anything: 1) Inspect the remote repository (https://github.com/gtrusler/clawdbot-filesystem) yourself and verify the 'filesystem' script contents and authorship; 2)...详细分析 ▾
⚠ 用途与能力
The name/description match the requested capabilities (listing, searching, batch ops). However package.json and SKILL.md imply a Node-based CLI named 'filesystem' that would be installed/run, yet no 'filesystem' binary/script is included in the published files. Also the documentation instructs cloning from GitHub and npm operations (network activity), but the skill metadata and package.json claim no network permission and only require 'node' (they do not list 'git' or 'npm' as required). These inconsistencies mean the manifest does not reliably represent what will be needed or executed.
⚠ 指令范围
The SKILL.md instructs the agent/user to clone a remote repo, make an executable 'filesystem', and run commands that access arbitrary paths (including examples touching /var/log, /etc). Those actions are expected for a filesystem tool, but the instructions require network access and local execution of a binary that is not present in the skill bundle. There is no instruction to validate the cloned code beyond simple chmod, so following the instructions blindly could run unreviewed code locally.
⚠ 安装机制
There is no formal install spec in the registry entry (instruction-only). The SKILL.md suggests 'git clone' and optional 'npm install -g .', which pulls code from a remote GitHub repo at runtime. Since no binary or install archive is bundled, the only way to obtain the runnable program is to fetch remote code. The registry metadata claims 'network: none' while the README/installation explicitly require network access — this mismatch raises risk because the actual install is a network fetch of code that will be executed locally.
ℹ 凭证需求
The skill does not request environment variables or credentials, and the declared primary credential is none — that is proportionate for a local filesystem tool. However, package.json lists 'network': 'none' in 'clawdbot.permissions' despite installation and README requiring network access (git/npm). Also the package.json permissions claim filesystem read-write, which is expected for this functionality but underscores the risk: this skill (if installed/executed) will be able to read and copy files on the host.
✓ 持久化与权限
The skill does not set always:true and does not request persistent elevated registry privileges. It is user-invocable and allows autonomous model invocation (the platform default). There is no evidence the skill attempts to modify other skills or system-wide agent settings in the provided files.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/1/27
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install clawdbot-filesystem
镜像加速npx clawhub@latest install clawdbot-filesystem --registry https://cn.longxiaskill.com