ClawHub

Auto Cleaning Disk

Security checks across malware telemetry and agentic risk

Overview

This is a real disk-cleaning skill, but it can silently delete broad cache, log, trash, and system-managed folders despite claiming safe cleanup.

Install only if you are comfortable giving this skill local file-deletion authority. Prefer Confirm Mode, do not run it as administrator or root, review every target path before execution, and do not rely on its safe-cleaning or older-than-one-day promises because the scripts do not fully enforce them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs the agent to detect the OS, read reference files, and run platform-specific cleaning scripts, which implies shell, file-read, and environment access without declaring corresponding permissions. Undeclared capabilities are dangerous because they hide the true execution surface from reviewers and users, especially for a destructive disk-cleaning skill that can remove files across the system.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill markets itself as a safe junk-file cleaner, but the referenced behavior includes deleting broad cache locations and system-managed data such as ~/.cache, /var/log contents, and Windows SoftwareDistribution downloads. That mismatch is dangerous because users may consent expecting low-risk cleanup, while the actual behavior can remove system-relevant files, disrupt updates, erase diagnostics, or break applications.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script recursively deletes the entire ~/.cache directory under the label 'Log Files', which is broader than the stated scope of temp files, browser cache, trash, and log cleanup. User cache directories can contain application state, offline data, tokens, and other nontrivial data, so unconditional deletion can cause data loss or application breakage beyond expected disk cleanup.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The docstring promises 'safe' cleanup without deleting important files, but the implementation performs unconditional recursive deletion of broad directories such as /tmp, /var/tmp, trash locations, browser caches, and especially ~/.cache. This mismatch is dangerous because users may trust the safety claim and run the tool automatically, increasing the chance of unintended data loss or disruption to running applications.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script recursively deletes all contents of /var/log, a system-wide log directory that may contain active logs needed for debugging, security investigations, compliance, or system stability. In the context of a disk-cleaning skill that promises safe removal of junk files, this broad deletion is dangerous because it exceeds user expectations and can destroy operationally important data.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The docstring claims the cleaner works safely, but the implementation blindly removes entire directory contents for every configured path, including sensitive locations like /var/log and broad cache directories. This mismatch is risky because it can mislead users and downstream agents into trusting destructive behavior they would otherwise scrutinize or confirm more carefully.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The docstring promises the cleaner 'never deletes important user files,' but the implementation recursively removes entire directories such as Firefox profiles and Windows SoftwareDistribution downloads without checking what is inside. In an automation skill whose purpose is to clean disk space, overstating safety increases the chance of irreversible user data loss or system disruption because users may trust it to run unattended.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation text uses broad phrases like 'computer is slow' or 'remove junk files,' which can cause the skill to trigger in contexts where the user did not clearly request file deletion. Because this skill performs destructive cleanup actions, accidental activation increases the risk of unintended data or system-state changes.

Vague Triggers

Low
Confidence
77% confidence
Finding
The description does not clearly define when the skill should not run, which creates ambiguity around activation boundaries and cleanup scope. In a file-deleting skill, weak trigger boundaries make unintended execution more dangerous because users may not realize they are authorizing deletion operations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The procedure includes destructive deletion of files across temp, cache, trash, and log-related locations, but it does not clearly warn that data may be permanently removed when run in automatic mode. In this skill context, the danger is elevated because the skill is explicitly designed to clean disk space automatically across Linux systems, so a user may trigger broad deletions without understanding the permanence or potential side effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
In auto mode, the script empties the Recycle Bin without a per-action confirmation, making a destructive operation occur silently. Given the skill explicitly says to ask the user whether to run automatically or with confirmation, this behavior is risky because users may not realize one of the actions permanently removes recoverable files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal