Destructive delete command
Warn
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
Uninstaller
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent OpenClaw uninstaller, but its host-run scheduler can build shell commands from notification text, creating a command-execution risk.
Install only if you intentionally want to remove OpenClaw. Prefer running without notification options until the scheduler quoting issue is fixed, verify the target OpenClaw paths first, and back up anything important under your OpenClaw state/profile directories.
Static analysis
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
A malicious or malformed email address or ntfy topic supplied through the chat flow could cause arbitrary commands to run on the host during the scheduled uninstall.
Why it was flagged
User-provided notification values are placed into a shell command string and executed with bash -c on the host. Values containing a single quote or shell syntax could break out of the intended argument and run commands beyond the uninstall workflow.
Skill content
[[ -n "$NOTIFY_EMAIL" ]] && EXTRA_ARGS+=(--notify-email "$NOTIFY_EMAIL") ... ARG_STR="$ARG_STR '$a'" ... CMD="sleep $DELAY && '$UNINSTALL_SCRIPT' $ARG_STR" ... /bin/bash -c "$CMD"
Recommendation
Do not use notification options from untrusted chats. The maintainer should validate email/topic values and avoid bash -c string construction, using safe argument arrays or robust shell escaping instead.
What this means
Running the uninstall will remove OpenClaw data and profiles, and a misconfigured state directory could remove unintended local data.
Why it was flagged
The script performs irreversible deletions of OpenClaw state and profile directories. That matches the stated uninstall purpose, but users should verify the target paths, especially if OPENCLAW_STATE_DIR is customized.
Skill content
STATE_DIR="${OPENCLAW_STATE_DIR:-$HOME/.openclaw}" ... rm -rf "$STATE_DIR" ... for d in "$HOME"/.openclaw-*; do ... rm -rf "$d"Recommendation
Run the read-only verification first, back up important OpenClaw data, and confirm OPENCLAW_STATE_DIR and profile paths before uninstalling.
What this means
Once scheduled, the uninstall may continue even after the chat session disconnects, making accidental approval harder to reverse.
Why it was flagged
The skill intentionally schedules a delayed background uninstall so it can continue after the gateway/session disconnects. This is disclosed and purpose-aligned, but it is still persistent background activity.
Skill content
CMD="sleep $DELAY && '$UNINSTALL_SCRIPT' $ARG_STR" ... systemd-run --user --onetime --unit=openclaw-uninstall ... || (nohup bash -c "$CMD" >> "$LOG_FILE" 2>&1 &)
Recommendation
Only confirm scheduling if you truly want a complete uninstall; if scheduled by mistake, immediately cancel the launchd/systemd/nohup job before the delay expires.
What this means
It is harder to confirm that the published package corresponds to a trusted upstream repository.
Why it was flagged
For a skill that asks the agent to run host-level cleanup scripts, missing registry source and homepage metadata reduces provenance transparency, even though the submitted script contents are visible here.
Skill content
Source: unknown; Homepage: none
Recommendation
Verify the publisher and compare the scripts with a trusted source before allowing host-level uninstall actions.