Files

Name: Files
Author: ivangdavila

Description

Safely organize, deduplicate, and analyze files with intelligent bulk operations and full undo support.

README (SKILL.md)

What This Skill Does (and Doesn't)

YES: Organize existing files, find duplicates, analyze disk usage, batch rename/move, clean up clutter NO: Open files, create files/folders, copy files, extract archives, basic file browsing — use standard file operations for those

This is a power tool for reorganization, not a replacement for basic file commands.

Path Security (Non-Negotiable)

Canonicalize ALL paths before any operation: resolve .., ~, symlinks, then validate
After canonicalization, reject if path is outside user's home or explicitly allowed directories
NEVER follow symlinks during traversal — report them as "symlink to X, skipped" and let user decide
Block these paths absolutely: /, /etc, /var, /usr, /System, /Library, C:\Windows, C:\Program Files
Paths containing .. after canonicalization = reject with explanation

Fast Path vs Safe Path

Fast path (1-9 files): Execute immediately with brief confirmation: "Move 3 files to Archive? [Y/n]" Safe path (10+ files): Create manifest, show summary, require explicit "yes" or review

This prevents confirmation fatigue for simple operations while protecting bulk actions.

Trash Handling

Use the operating system's native trash: trash CLI on macOS/Linux, Recycle Bin API on Windows
If OS trash unavailable, move to ~/.local/share/file-organizer-trash/ with metadata sidecar
Metadata sidecar (JSON): original path, deletion timestamp, operation ID — NOT path-in-filename
Never permanently delete without explicit "permanently delete" or "empty trash" command

Undo System

Every operation creates an undo record in ~/.local/share/file-organizer/undo/TIMESTAMP.json
Record contains: operation type, source paths, destination paths, checksums of moved files
"Undo last" reverses the most recent operation using the record
Undo records expire after 30 days — warn user before expiry
NO shell scripts for undo — JSON metadata only, executed by the agent

Symlink Policy

During directory traversal: skip symlinks, report them separately
"This folder contains 12 symlinks pointing outside — review before proceeding?"
Never follow symlinks automatically — they're a classic attack vector
User can explicitly request "follow symlinks" but must confirm each external target

Duplicate Detection (Scalable)

Phase 1: Group by exact size (instant, no I/O)
Phase 2: Hash first 4KB of same-size files (fast filter)
Phase 3: Full hash only for files matching phase 2
For >10,000 files, require confirmation: "This will take ~15 minutes. Proceed?"
Cache hashes in ~/.local/share/file-organizer/hash-cache.db (SQLite) with mtime invalidation

Bulk Operations

Batch rename: Preview ALL transformations if \x3C50 files, first/last 10 if more, always show total count
Batch move: Verify destination has space before starting, atomic per-file with rollback on error
Progress: Update every 5% or 30 seconds, whichever is less frequent — not per-file spam
Error handling: On ANY error, stop, report what succeeded/failed, offer "continue skipping errors" or "rollback completed"

Organization Proposals

Analyze directory contents FIRST, then propose: "80% images, 15% videos, 5% docs — organize by date or type?"
Always show concrete examples: "vacation-photo.jpg → 2024/06-June/vacation-photo.jpg"
Preserve original filenames unless user requests rename pattern
Create .file-organizer-manifest.json in destination documenting the reorganization for future reference

Size Analysis

Top consumers by directory, not individual files — users think in folders
Flag known safe-to-delete: node_modules, pycache, .gradle, build/, target/, Pods/
Calculate actual vs apparent size (sparse files, hardlinks)
For cleanup suggestions, always state recoverability: "Deleting node_modules: fully recoverable with npm install"

Platform Specifics

macOS: Respect .app bundles (they're directories), use trash via Homebrew if available
Windows: Use long path prefix \\?\ for paths >260 chars, use shell API for Recycle Bin
Linux: XDG trash spec (~/.local/share/Trash/), handle different filesystem capabilities

Limits and Failures

Refuse operations on >100,000 files without explicit override: "This affects 250K files. Type 'I understand' to proceed"
If manifest would exceed 10MB, paginate: "Showing batch 1 of 15 (page through with 'next')"
Network drives: detect by response time, warn about reliability, suggest local copy first
Disk full: check before starting, reserve 1% headroom, fail gracefully with partial completion report

Usage Guidance

This skill looks like a reasonable file-organizer tool, but ask the owner/author to clarify two things before installing or running it: (1) The SKILL.md header says it will not open or create files, yet the instructions explicitly describe reading files for hashing and writing undo/manifest/cache files — decide whether you accept these on-disk writes and reads. (2) It references an external 'trash' CLI on macOS/Linux without declaring it; confirm what happens if that binary is missing and whether the skill will call or attempt to install external tools. Also note the skill will read many files when deduplicating (including hashing file contents) and will create records in ~/.local/share/file-organizer/ and manifests in destinations — back up important data before large operations and verify prompts/confirmations are enforced for bulk actions (>10 files, >100k files). If the author can remove the contradictory 'NO' statements and explicitly document required binaries/fallbacks, this assessment would become more confident (likely benign).

Capability Analysis

Type: OpenClaw Skill Name: files Version: 1.0.0 The OpenClaw AgentSkills skill bundle is classified as benign. The `SKILL.md` file, which contains instructions for the AI agent, explicitly defines and enforces robust security measures. These include strict path canonicalization and validation, blocking critical system directories, explicitly refusing to follow symlinks (identifying them as an attack vector), and crucially, stating 'NO shell scripts for undo' to prevent command injection. The skill's stated purpose of file organization is well-aligned with its instructions, which prioritize safety, user confirmation for bulk operations, and transparency, without any indication of malicious intent, data exfiltration, or prompt injection attempts.

Capability Assessment

✓ Purpose & Capability

Name/description (organize, dedupe, analyze files) aligns with the instructions: duplicate detection, batch moves/renames, undo, disk analysis. No unexpected external services or credentials are requested.

⚠ Instruction Scope

The SKILL.md contains internal contradictions and scope creep: the header states 'NO: Open files, create files/folders' but later sections require reading file contents (hashing), writing undo records (~/.local/share/file-organizer/undo/*.json), writing a hash cache (~/.local/share/file-organizer/hash-cache.db), and creating .file-organizer-manifest.json in destinations. These are file I/O and file creation operations that conflict with the stated 'NO' list. The doc also references using an external 'trash' CLI on macOS/Linux and OS APIs on Windows; these runtime behaviors are not declared elsewhere and need clarification. Overall the instructions are detailed and careful about safety, but the contradictory statements about what it will and will not do are a significant coherence problem.

ℹ Install Mechanism

This is instruction-only (no install spec, no code files), which is lowest-risk from an installation perspective. However, the instructions rely on OS facilities (native trash) and mention the 'trash' CLI for macOS/Linux without declaring it as required; the skill should clarify fallback behavior and whether it will attempt to install or call an external binary not present on the system.

✓ Credentials

No environment variables, credentials, or external configuration are requested. File and directory access is limited to user home and explicitly allowed directories per the policy in SKILL.md, which is proportionate to the stated purpose.

ℹ Persistence & Privilege

The skill will persist metadata and operational state to user-writable locations (e.g., ~/.local/share/file-organizer/, a hash-cache SQLite DB, and destination .file-organizer-manifest.json), and will move files to the OS trash or a local trash directory. It does not request elevated privileges and is not always-enabled, but users should be aware it will create and maintain on-disk records and caches in their home directory.

Version History

v1.0.0

Initial release

Metadata

Slug files

Version 1.0.0

License —

All-time Installs 16

Active Installs 16

Total Versions 1

Frequently Asked Questions

What is Files?

Safely organize, deduplicate, and analyze files with intelligent bulk operations and full undo support. It is an AI Agent Skill for Claude Code / OpenClaw, with 2290 downloads so far.

How do I install Files?

Run "/install files" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Files free?

Yes, Files is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Files support?

Files is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Files?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.

More Skills