Missing User Warnings
Medium
- Confidence: 94%
- Finding: The clean command will recursively delete all items previously classified as 'safe' when invoked with --confirm, without per-item interactive confirmation or a stronger authorization step at deletion time. Although the script includes some guardrails (HOME-bound paths, .git skip, skipping docker:// and glob-like entries), its scan results can still include valuable user data such as project build outputs, virtual environments, logs, caches, and large directory trees, so a misclassification or stale/tampered scan file can cause unintended data loss.
