ClawHub

Rm Safety

v1.2.2

Intercepts risky rm commands to assess impact, confirm user intent, and suggest safer alternatives before execution to prevent accidental data loss.

1· 120·0 current·0 all-time
by@caesaryp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md: the skill only asks the agent to detect RM-like commands, assess the target (ls, find, realpath, test), prompt the user, and optionally run backups or alternative commands. No unrelated credentials, binaries, or network access are requested. Minor note: README mentions a GitHub repo and ClawHub install path while registry metadata lists 'Source: unknown' and no homepage — this is a small metadata inconsistency but does not change functionality.
Instruction Scope
Runtime instructions are narrowly scoped to local filesystem checks (ls, find, realpath, test -e), confirmation prompts, and optional local backup/move operations. The instructions explicitly emphasize quoting, using '--', and refusing destructive global patterns (e.g., 'rm -rf /'). They do not instruct reading unrelated files or sending data externally. One operational caveat: counting files with find on very large directories can be slow or resource-intensive, which is expected behavior for an impact assessment but worth noting.
Install Mechanism
Instruction-only skill with no install spec or code to fetch — lowest install risk. README suggests optional cloning or npx clawhub install, but the skill package itself contains no install script or remote downloads.
Credentials
The skill requires no environment variables, credentials, or access to unrelated config paths. All commands operate on paths provided by the user/agent and local filesystem state. The backup target (/tmp) and workspace checks are proportional to the task.
Persistence & Privilege
always is false and the skill does not request elevated or persistent system-wide privileges. It does not modify other skills or system configs. Autonomous invocation (disable-model-invocation: false) is normal for skills; here there is no additional concerning privilege.
Assessment
This skill appears coherent and limited to local safety checks before deletes, but consider the following before installing: - The skill must run inside the agent's execution context to intercept 'rm' calls — it cannot retroactively stop deletes you run directly in a shell outside the agent. - Impact assessments use find/ls/realpath on the given path; for very large directories these checks can be slow or resource-heavy. - Confirm the backup behavior (it writes to /tmp by default) meets your needs; /tmp is ephemeral and not intended as long-term backup. - The package metadata references a GitHub repo/ClawHub page while registry source/homepage fields are empty — if you want a higher assurance, review the upstream repository (README links are provided) before enabling the skill. - Remember the agent will still execute the original rm command if you explicitly confirm; the skill is a guard not an automatic quarantine.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fpcnwxj407xnc2ae2nfqpdh83gtm7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments