Dev Machine Cleanup
Security checks across malware telemetry and agentic risk
Overview
The skill is purpose-aligned for cleanup, but it would asynchronously SSH into a development machine and delete files/Docker images without clear credential scoping, confirmation, or enforceable safeguards.
Install or invoke this only if you trust the agent to use SSH on the datax development machine. Before use, add a dry-run and explicit approval step, confirm the exact host/account/path scope, make Docker pruning optional, and ensure you can review or cancel any background cleanup run.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked accidentally or if files match the broad patterns unexpectedly, the agent could delete useful logs, temporary files, or Docker images from the development machine.
The skill instructs a sub-agent to run destructive shell commands on a remote development machine, including forced Docker image pruning, without a dry-run, approval gate, backup, or rollback step.
find /mnt/www -name '*.log' -mtime +7 -delete
find /mnt/www -name 'tmp_*' -mtime +3 -delete
docker image prune -f
Require an explicit confirmation after showing a dry-run count/list, add path and file exclusions, make Docker pruning separately opt-in, and document rollback or backup expectations.
The agent may use whatever SSH identity or local configuration is available, making it unclear which account and permissions will be used to mutate the remote machine.
The skill assumes SSH access to a named development machine and authority to delete files and prune Docker images, while the registry metadata declares no primary credential, required environment variables, or required config paths.
SSH into the datax development machine and run:
Declare the required SSH host, user, credential/config source, and minimum privileges; use a least-privileged cleanup account and require user confirmation before using it.
Users may over-trust the cleanup as safe even though the artifact does not show checks that actually prevent deletion of important matching files.
The stated safety boundary is stronger than the shown commands: the commands only filter by path, filename pattern, and age, and do not verify whether matching files are business data or otherwise important.
Safety boundary:
- ❌ Do not delete business data files
- ❌ Do not delete configuration files
Replace broad safety claims with enforceable controls, such as dry-run review, allowlisted directories, denylisted extensions/paths, service-owner approval, and explicit reporting of what will be removed.
Cleanup may continue in the background after the user moves on, increasing the chance that a mistaken invocation is not noticed immediately.
The skill intentionally uses an asynchronous child agent to continue cleanup while the main conversation proceeds. This is disclosed and purpose-aligned, but it matters because the child agent performs destructive operations.
sessions_spawn({
  agentId: "agent-ge",
  task: "清理开发机日志和临时文件",
  mode: "run",
  streamTo: "parent",
  label: "dev-cleanup"
})
Add clear start/stop/cancel behavior, prevent overlapping runs, and require confirmation before the child agent executes deletion commands.
Operational details about the development machine may be kept and reused in later sessions.
The skill stores cleanup results in persistent memory. This appears purpose-aligned, but it creates retained context about host names, disk usage, and cleanup activity.
Cleanup results are recorded to `memory/dev-cleanup-YYYY-MM-DD.md`
Store only minimal non-sensitive summaries, avoid secrets or detailed paths, and provide a way to review or delete the memory entry.
