Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Nightly Workspace Audit
v1.0.0Nightly workspace audit — auto-discover file dependencies by scanning all workspace files for cross-references, manage HOT/WARM/COLD memory tiers, detect orp...
⭐ 0· 21·0 current·0 all-time
byHong Pengfei@emrys-hong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description match the actions in SKILL.md: scanning workspace files, building dependency graphs, and moving/archiving/cleaning files is consistent with a 'workspace audit'. Requesting no external credentials or installs is proportionate. Note: the skill expects access to workspace filesystem and agent-internal tooling (cron list, memory_search), which is reasonable for this purpose but high-impact.
Instruction Scope
The SKILL.md instructs the agent to read every .md/.json under workspace/, inspect cron job prompts and recent session transcripts (via memory_search), and to perform merges, deduplications, prunes, renames, and moves — including deleting entries and moving files to archive. Criteria for destructive actions are heuristic and sometimes vague ("confirmed no longer useful"), and there is no explicit step requiring user confirmation or a dry-run. The file referenced for local overrides is inconsistently named (mentions both local-overrides.md and references/local-overrides.md). These open-ended edit instructions create a real risk of unintended data loss.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes supply-chain risk; nothing will be written to disk by an installer.
Credentials
The skill declares no required env vars, no credentials, and no config paths. Its need to read workspace files, cron entries, and session transcripts is proportional to the stated auditing purpose. However, the instructions implicitly rely on agent-internal tools (e.g., memory_search, cron list) that are not listed as explicit dependencies — reasonable but worth confirming with the platform.
Persistence & Privilege
always:false (good). The skill will modify workspace state (create/rename/move/delete files) when invoked; autonomous model invocation is allowed by platform default. Combined with the ambiguous deletion rules, this grants significant destructive capability during normal runs — recommend requiring explicit user confirmation or a safe dry-run mode before making changes.
What to consider before installing
This skill appears to do what it says (scan and clean an OpenClaw workspace) and does not request network credentials or external installs, which is good — but it will autonomously modify and delete workspace files based on heuristic rules. Before installing or running it: 1) insist on a dry-run mode that reports proposed changes without applying them; 2) require explicit user confirmation for any deletions/renames/moves; 3) back up your workspace first; 4) verify how it accesses session transcripts and cron jobs (ensure it only reads data you expect it to); and 5) clarify the local-overrides file path and keep a protected list of files the skill must never auto-modify.Like a lobster shell, security has layers — review code before you run it.
latestvk974zndfv42vncc77z3anaw0wd845ph7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.