Workspace Trash
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: workspace-trash Version: 1.2.0 The workspace-trash skill is a safety utility designed to prevent accidental file loss by implementing a recoverable trash system. The implementation in trash.sh and SKILL.md demonstrates high security awareness, employing symlink resolution to prevent path traversal and using environment variables to pass data to Node.js scripts, which effectively mitigates shell injection risks. The operations are strictly scoped to the ~/.openclaw directory, and no suspicious network activity, data exfiltration, or obfuscation was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Deletion requests for OpenClaw files may be handled by this skill automatically, changing normal rm/delete behavior into a recoverable move-to-trash workflow.
The skill intentionally changes the agent's behavior for deletion requests so files are trashed instead of permanently removed.
Also use when the agent needs to rm/delete/remove any file — always trash instead of permanently deleting.
Install only if you want this protective behavior, and explicitly request permanent deletion only through the documented trash-emptying flow.
If the trash is emptied, files in the trash cannot be restored through this skill.
The empty action permanently deletes trash contents with rm -rf. This is disclosed and purpose-aligned, but it is irreversible.
find "$TRASH_DIR" -mindepth 1 -not -name '.manifest.json' -exec rm -rf {} +Before running /trash:empty or trash.sh empty, list the trash contents and confirm you no longer need them.
The skill may fail or behave differently if the required local tools are missing, even though the registry summary does not list them.
The registry requirement summary does not declare required binaries, while SKILL.md documents that node and POSIX utilities are needed. This is an installation/preflight clarity issue rather than hidden behavior.
Required binaries (all must exist): none
Ensure node, mv, cp, rm, find, awk, date, basename, and dirname are available before relying on the skill.
If the manifest is modified incorrectly, restore operations may fail or restore files to unexpected locations.
Restore behavior depends on the persistent .manifest.json file, including original paths. This is expected for a trash feature, but corrupted or manually edited manifest entries could affect restore destinations.
const m = JSON.parse(fs.readFileSync(process.env.TRASH_MANIFEST, "utf8")); ... const entry = m[idx]; ... spawnSync("mv", ["--", trashPath, entry.originalPath]Do not manually edit .trash/.manifest.json; future hardening could re-validate manifest paths during restore.