Skills
skills/bussgrowwithlucky-crypto/openclaw-skill-file-manager/file-manager/Gen Agent Trust Hub

file-manager

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill.py script includes functions to move files (shutil.move) and delete files (file.unlink). These capabilities are the core functionality of the 'organize' and 'cleanup' commands respectively, intended for managing log files and directories.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it reads and displays filenames from the local filesystem that could contain malicious instructions intended for the agent.
  • Ingestion points: The list_files and find_duplicates functions in skill.py read filenames using path.glob and path.rglob.
  • Boundary markers: None; filenames are printed directly to the standard output without delimiters.
  • Capability inventory: The skill has the ability to delete files (file.unlink) and move files (shutil.move) across the filesystem.
  • Sanitization: No sanitization or filtering of file names is performed before they are output to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 10:25 AM