Security scan
OpenClaw
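Suspicious
High confidence: the skill's stated purpose (filesystem operations) is reasonable, but the package/install details conflict with the runtime instructions (missing executable, undeclared network/install requirements), so proceed with caution and verify the code before installing.
Assessment and recommendations
This skill has a low security risk. 1. Filesystem operation scope: the skill mainly operates on the filesystem within user-specified directories and can list, search and process files. 2. File read risk: the skill can read the contents of files on the filesystem; make sure it only processes files from trusted sources. 3. Batch operation capability: the skill supports batch file processing; pay attention to the accuracy and the scope of impact of each operation. 4. Directory analysis: the skill provides directory statistics and analysis, which helps in understanding project structure. Before installing: understand the specific scope of the skill's operation permissions; test the impact of batch operations in a non-production environment first; review the skill's operation logs regularly.
⚠ Purpose and capabilities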
The name/description match the requested capabilities (listing, searching, batch ops). However package.json and SKILL.md imply a Node-based CLI named 'filesystem' that would be installed/run, yet no 'filesystem' binary/script is included in the published files. Also the documentation instructs cloning from GitHub and npm operations (network activity), but the skill metadata and package.json claim no network permission and only require 'node' (they do not list 'git' or 'npm' as required). These inconsistencies mean the manifest does not reliably represent what will be needed or executed.
⚠ Instruction scope
The SKILL.md instructs the agent/user to clone a remote repo, make an executable 'filesystem', and run commands that access arbitrary paths (including examples touching /var/log, /etc). Those actions are expected for a filesystem tool, but the instructions require network access and local execution of a binary that is not present in the skill bundle. There is no instruction to validate the cloned code beyond simple chmod, so following the instructions blindly could run unreviewed code locally.
⚠ Install mechanism
There is no formal install spec in the registry entry (instruction-only). The SKILL.md suggests 'git clone' and optional 'npm install -g .', which pulls code from a remote GitHub repo at runtime. Since no binary or install archive is bundled, the only way to obtain the runnable program is to fetch remote code. The registry metadata claims 'network: none' while the README/installation explicitly require network access — this mismatch raises risk because the actual install is a network fetch of code that will be executed locally.
ℹ Credential requirements
The skill does not request environment variables or credentials, and the declared primary credential is none — that is proportionate for a local filesystem tool. However, package.json lists 'network': 'none' in 'clawdbot.permissions' despite installation and README requiring network access (git/npm). Also the package.json permissions claim filesystem read-write, which is expected for this functionality but underscores the risk: this skill (if installed/executed) will be able to read and copy files on the host.
✓ Persistence and privileges
The skill does not set always:true and does not request persistent elevated registry privileges. It is user-invocable and allows autonomous model invocation (the platform default). There is no evidence the skill attempts to modify other skills or system-wide agent settings in the provided files.
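Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.2 2026/1/27
Naming cleanup: removed "Clawdbot" from the display name and fixed the LICENSE.md extension.
● Benign
Install command
Official: npx clawhub@latest install clawdbot-filesystem
Mirror (accelerated): npx clawhub@latest install clawdbot-filesystem --registry https://cn.longxiaskill.com (mirror available)
China-specific: no additional installation required
Localization notes
No additional installation required.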