Skill v1.1.2

ClawScan security

Uninstaller · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 10:36 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with an uninstall utility: the scripts perform expected destructive cleanup (rm -rf, service disable, npm uninstall) and the SKILL.md documents how and when the agent should run them.
Guidance
This skill appears to do exactly what it says: schedule and run an uninstall of OpenClaw. Before using it:
(1) Confirm you want to irreversibly delete the state directory (default: $HOME/.openclaw) and any profile dirs (~/.openclaw-*). If you have data to keep, back it up first or set OPENCLAW_STATE_DIR to a safe path.
(2) Only run the IM-initiated scheduling flow when the agent is running on the actual host (host=gateway); otherwise the schedule/uninstall will be created inside a container and lost.
(3) Review the scripts yourself if you don’t trust the skill source — they are plain Bash and readable.
(4) Be aware that optional notifications will attempt to send email via the local mail command or post to ntfy.sh (outbound network).
(5) If you’re unsure about automated scheduling, run uninstall-oneshot.sh manually after reviewing logs.
Finally, treat this as a destructive maintenance tool and use the verify-clean.sh read-only check first if you only want to detect residue.

Review Dimensions

Purpose & Capability
ok · Name/description (Uninstaller for OpenClaw) match the provided artifacts. The scripts stop services, remove state and profile dirs, uninstall global npm package, and remove macOS app files — all actions you would legitimately expect from an uninstall tool.
Instruction Scope
note · SKILL.md clearly instructs the agent how to schedule/run the provided scripts and warns that the IM-initiated flow must run on the host (host=gateway). Scripts are destructive (rm -rf on state/profile dirs and removing system service files), which is appropriate for an uninstaller, but users should be aware that these actions are irreversible and require host-level access. The verify-clean script is read-only as documented.
Install Mechanism
ok · No install spec; this is instruction + script only. There are no downloads or package installs performed by the skill itself, so the install mechanism is low-risk and proportional.
Credentials
ok · The skill does not request credentials or environment variables. It respects OPENCLAW_STATE_DIR if set. Optional notification parameters may cause the scripts to call local mail or post to ntfy.sh using curl — these are reasonable for optional notifications but do introduce outbound network use when the user requests notifications.
Persistence & Privilege
ok · Skill is not always-on and does not request elevated platform persistence. It schedules a one-shot uninstall via system facilities (systemd/launchctl) when invoked, which is expected behavior for scheduling a deferred local action. The skill does require the agent to execute on the host rather than in a sandbox for the IM-initiated flow.