Skill v1.0.0

ClawScan security

Auto Cleaning Disk · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 14, 2026, 6:15 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (cleaning junk files) matches the included scripts, but there are safety/incoherence issues in the code (age-check not enforced, symlink handling, deletion of system log paths) that could lead to unintended file removal or require elevated privileges.
Guidance
This skill generally does what it says, but there are meaningful safety gaps in the implementation you should consider before running it:

- Do not run it as administrator/root until you review/modify the code. Deleting /var/log, C:\Windows\Logs or similar may require elevation and can remove important logs.
- The SKILL.md states it will only delete files older than 1 day, but the scripts do not check file modification times — they delete everything inside the listed folders. That mismatch could remove recently created cache or temporary files the user still needs.
- Symlink risk: the code can follow directory symlinks (Path.is_dir() follows symlinks) and then shutil.rmtree will remove the linked target. A symlink inside a 'safe' folder could cause deletion outside the intended area. Consider patching the code to skip symlinks entirely or to never follow directory symlinks.
- Confirm Mode is safer — use it and review the per-folder prompts before consenting.
- Recommended improvements before use: implement and enforce age checks (os.path.getmtime), explicitly skip symlinks for directories (item.is_symlink()), add a dry-run mode that lists what would be deleted, and add explicit whitelist/blacklist checks (do not call shutil.rmtree on paths outside a vetted list).

If you are not comfortable reviewing/modifying the Python, prefer not to install or run this skill, or run it in a disposable/test environment and back up any important data first.
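A hardened sketch of the cleaner the guidance asks for, added here as an illustration and not taken from the Auto Cleaning Disk scripts: it checks is_symlink() before any is_dir() call, enforces the one-day age rule from lstat mtimes (including everything inside a subdirectory), refuses paths outside a vetted root list, and defaults to a dry run. The function names (is_within, newest_mtime, clean, demo) and the scratch tree that demo() builds are assumptions of this example.

```python
import os, shutil, tempfile, time
from pathlib import Path
def is_within(path: Path, roots: list[Path]) -> bool:
    """True if the resolved path is a vetted root or lies beneath one."""
    resolved = path.resolve()
    return any(resolved == r or r in resolved.parents for r in roots)

def newest_mtime(entry: Path) -> float:
    """Newest mtime in a file or directory tree, never following symlinks."""
    newest = entry.lstat().st_mtime
    if entry.is_dir() and not entry.is_symlink():
        for dirpath, _dirs, files in os.walk(entry, followlinks=False):
            for name in files:
                newest = max(newest, Path(dirpath, name).lstat().st_mtime)
    return newest

def clean(folder: Path, roots: list[Path], max_age_days: float = 1.0,
          dry_run: bool = True) -> list[Path]:
    """Remove (or with dry_run, only list) stale entries directly inside folder: symlinks
    skipped, paths outside roots refused, nothing newer than max_age_days touched."""
    cutoff = time.time() - max_age_days * 86400
    if folder.is_symlink() or not folder.is_dir() or not is_within(folder, roots):
        return []
    acted = []
    for item in sorted(folder.iterdir()):
        if item.is_symlink():                      # a link could point anywhere
            continue
        if not is_within(item, roots) or newest_mtime(item) > cutoff:
            continue
        if not dry_run:
            shutil.rmtree(item) if item.is_dir() else item.unlink()
        acted.append(item)
    return acted

def demo() -> dict:
    """Constructed sample tree in a scratch dir (not real skill data)."""
    base = Path(tempfile.mkdtemp()); cache, outside = base / "cache", base / "outside"
    cache.mkdir(); outside.mkdir(); old = time.time() - 3 * 86400
    (cache / "stale.tmp").write_text("x"); os.utime(cache / "stale.tmp", (old, old))
    (cache / "fresh.tmp").write_text("y")                       # too new: must survive
    (cache / "olddir").mkdir(); (cache / "olddir" / "a").write_text("z")
    os.utime(cache / "olddir" / "a", (old, old)); os.utime(cache / "olddir", (old, old))
    (cache / "link").symlink_to(outside, target_is_directory=True)  # the escape the review warns about
    roots = [cache.resolve()]
    planned = [p.name for p in clean(cache, roots)]                # dry run first
    removed = [p.name for p in clean(cache, roots, dry_run=False)]
    result = {"planned": planned, "removed": removed,
              "survivors": sorted(p.name for p in cache.iterdir()), "outside_intact": outside.is_dir()}
    shutil.rmtree(base)
    return result
```

demo() shows the stale file and stale subdirectory being removed while the fresh file and the symlink to the outside directory survive, and the link target stays untouched.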

Review Dimensions

Purpose & Capability
note · Name/description match the code: OS detection and per-OS cleaning scripts are present and limited to temp, caches, trash, and logs. No unrelated credentials, binaries, or external endpoints are requested. This is coherent with the stated purpose.
Instruction Scope
concern · SKILL.md promises 'Only delete files older than 1 day' and 'Never delete Documents/Downloads/System folders', but the scripts do not enforce an age check — they delete all items inside target folders. The scripts also iteratively remove directories with shutil.rmtree and evaluate is_dir(), which follows symlinks; that can cause deletion of targets outside intended folders if symlinks exist. Scripts operate on system log locations (/var/log, C:\Windows\Logs) which can require elevated privileges and could remove files important for diagnostics. There are no network calls, and scripts only read standard env vars for paths.
Install Mechanism
ok · No install spec (instruction-only plus bundled scripts) — nothing is downloaded or installed automatically. Risk from install mechanism is low.
Credentials
ok · Skill does not request secrets or unusual environment access. Scripts use common environment variables (TEMP, TMP, USERPROFILE) and Path.home(), which is expected for path discovery.
Persistence & Privilege
ok · 'always' is false and the skill does not request permanent presence or modify other skills or system-wide agent settings. It runs locally and interactively (prompts for confirmation when requested).