Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Uninstaller
v1.0.0-4e6ce7fGuides users through safely uninstalling OpenClaw (龙虾). Use when user asks how to remove/uninstall OpenClaw, wants to clean up completely, or mentions paid c...
⭐ 0· 416·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (uninstall OpenClaw) align with the included scripts and docs. All main scripts (schedule-uninstall.sh, uninstall-oneshot.sh, verify-clean.sh, helpers) relate to uninstall, backup, scheduling, and verification. Publishing/CI docs reference tokens (CLAWHUB_TOKEN, GITHUB_TOKEN) used only for repo publishing, which is maintenance-related but not required for runtime uninstall.
Instruction Scope
SKILL.md instructs the agent to schedule or run provided scripts (schedule-uninstall.sh, uninstall-oneshot.sh, verify-clean.sh). These scripts perform destructive operations (rm -rf of ~/.openclaw or .openclaw-*) by design; the SKILL.md explicitly requires confirmation and host=gateway for IM-initiated uninstalls. The skill does not ask the agent to read unrelated files or secrets, but it does back up and optionally preserve credentials (see uninstall-oneshot.sh) which is expected for a stateful uninstall but worth noting.
Install Mechanism
No automated install spec is declared; the repo contains install and publish helper scripts but nothing is fetched from arbitrary external URLs. The README suggests common install flows (clawhub install, curl from GitHub) but the skill package itself contains only scripts and docs — no remote download/install step in the skill metadata that would introduce high risk.
Credentials
The skill declares no required env vars or credentials. Runtime scripts do access user-state paths (default $HOME/.openclaw) and may copy credentials into a backup directory when backing up state. This is proportionate to an uninstall that offers optional preservation/backup, but users should understand backups may include saved API keys/tokens from ~/.openclaw/credentials. Publish-related scripts reference CI tokens (CLAWHUB_TOKEN, GITHUB_TOKEN) for maintainer ops, which are unrelated to uninstall functionality.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configurations. It can schedule a one-shot job on the host (launchd/systemd/nohup), which is necessary to perform a host-level uninstall; SKILL.md explicitly requires host=gateway for that capability. Autonomous invocation is allowed (default) but this is normal for skills; there is no unusual permanent privilege requested.
Assessment
This skill appears to be what it says: a community-maintained OpenClaw uninstaller with safety checks (dry-run, validate paths, sandbox detection). Before installing/running: (1) Only run IM-initiated uninstall when you intend to remove OpenClaw and ensure the agent's exec runs on the actual host (host=gateway) — otherwise the one-shot will fail or be lost. (2) Review and, if desired, run ./scripts/verify-clean.sh first to see residue without deleting anything. (3) Understand backups: by default the uninstall backs up state (including credentials under ~/.openclaw/credentials) to ~/.openclaw-backup-*, and the --preserve-state option can keep state (including credentials) for reinstall inheritance. If you want a truly clean uninstall, use --no-backup and avoid --preserve-state. (4) The repository includes publish/CI helper scripts that reference tokens (CLAWHUB_TOKEN, GITHUB_TOKEN) — those are for maintainers and are not required to run the uninstall. (5) If you have any doubt, inspect the uninstall-oneshot.sh and schedule-uninstall.sh scripts yourself (they include clear safety checks) and test with --dry-run before doing a real uninstall.Like a lobster shell, security has layers — review code before you run it.
latestvk972xj94bhwff9f6mw7n6cmxw983z8mr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.