Rm Tool
PassAudited by VirusTotal on May 1, 2026.
Overview
Type: OpenClaw Skill Name: rm-tool Version: 1.0.0 The rm-tool is a standard file removal utility implemented in Python (scripts/rm.py) that provides basic functionality for deleting files and directories using shutil.rmtree and os.remove. The documentation (SKILL.md) accurately describes its purpose, and the code contains no evidence of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent chooses the wrong path or is prompted into using this tool broadly, important files or directories could be permanently deleted.
The script performs irreversible file and recursive directory deletion on user-supplied paths, with no confirmation, path allowlist, trash/quarantine behavior, or dry-run safeguard.
if os.path.isdir(p) and args.recursive:
shutil.rmtree(p)
elif os.path.isfile(p):
os.remove(p)Use only with explicit per-action user approval. Prefer adding safeguards such as dry-run mode, path restrictions, blocking root/home/protected paths, and moving files to trash instead of permanent deletion.
A small mistake, wildcard expansion, or misunderstood target could remove large parts of a project or user directory.
The documented workflow encourages recursive force deletion; a single mistaken directory target can cascade across many files and subdirectories.
rm-tool -rf temp_directory/
Require the agent to show the exact resolved paths and obtain explicit confirmation before recursive or force deletion, and avoid allowing autonomous use of this skill.
Users may believe they can rely on a confirmation prompt that the actual tool does not provide.
The documentation advertises an interactive confirmation option, but the included script only defines recursive and force options and does not implement interactive prompting.
- `-i`: Interactive (prompt before each removal)
Implement the documented interactive option before use, or remove the claim and clearly state that deletions happen immediately.