Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-cleaner

v1.0.0

OpenClaw Cleaner Master - a project directory cleanup and optimization tool. Provides snapshots, diff, checkpoints, task progress and related capabilities; the AI can invoke it directly for automatic execution.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (project cleaner: snapshots, diff, checkpoints, optimize) match the instructions and the embedded JavaScript implementation: it scans the workspace, records file contents and hashes, writes snapshots under .cleaner-backups, and exposes compare/restore/remove-like operations. That capability set is consistent with a cleaner tool, but the implementation is broad (it reads file contents and writes backups), and the examples reference removing skills ('skills.remove'), which may have wide effects depending on the agent runtime.
Instruction Scope
SKILL.md contains runtime instructions plus a full JS implementation that recursively reads most files in the workspace (reading file contents and computing hashes), creates snapshots containing file content, and exposes operations that perform deletions and changes. The header explicitly says 'AI 可在执行任务时直接调用,无需用户确认' (the AI may call it directly while executing tasks, without user confirmation). Reading and persisting full file contents, and allowing deletion without confirmation, grants broad access to potentially sensitive files (.env, keys, credentials) and can cause irreversible changes if invoked autonomously.
Install Mechanism
No install spec and no code files outside SKILL.md — the skill is instruction-only. That lowers supply-chain risk because nothing external is downloaded or executed during install. However, the SKILL.md itself contains executable code the agent is expected to use at runtime.
Credentials
The skill requests no environment variables or credentials (proportionate). However, it performs filesystem access across the workspace and stores file contents in snapshot files under .cleaner-backups. Even though no external credentials are requested, this file I/O behavior can expose local secrets stored in the workspace — a privacy and privilege concern even without env credentials.
Persistence & Privilege
The skill does not set always:true (good), but SKILL.md explicitly permits autonomous AI invocation without user confirmation and provides code that deletes and changes files. Autonomous invocation combined with delete/write capability increases risk. The skill writes its backups under the project ('.cleaner-backups'), which is a reasonable scope, but no mechanism is described that requires explicit user consent before destructive actions.
What to consider before installing
This skill appears to be a coherent project cleaner, but it gives an agent wide ability to read all files in your workspace, record file contents into snapshots, and perform deletions without requiring user confirmation. Before installing:
1) Do not run it on a workspace that contains secrets or sensitive production data; test in an isolated repo or VM.
2) Inspect the full SKILL.md code yourself (or have someone you trust review it) to confirm what the 'remove' operations do and whether there are safeguards.
3) Require manual confirmation for destructive actions — do not allow autonomous invocation to delete files.
4) Back up important data outside the project (separate storage) before use.
5) Consider restricting the skill's runtime permissions or path scope so it cannot traverse outside an allowed directory.
If you need safer defaults, ask the author to add explicit confirmation prompts and scope limits (e.g., whitelist directories, skip files with sensitive extensions).



