Destructive delete command
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
Security checks across static analysis, malware telemetry, and agentic risk
This uninstaller mostly matches its stated purpose, but it runs powerful host-level removal scripts and one scheduler builds a host shell command from user-supplied notification text.
Install only if you intend to remove OpenClaw. Prefer direct/manual install over curl-to-bash, avoid untrusted notification email/topic values, keep or inspect the backup consciously, and be aware that confirming the scheduled uninstall will run a host-level background removal job.
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed notification address/topic could cause extra commands to run on the user's host during uninstall.
User-provided notification values are appended into a shell command with only single-quote wrapping, then executed on the host via bash -c; a value containing a quote could alter the scheduled command.
for a in "${EXTRA_ARGS[@]}"; do ARG_STR="$ARG_STR '$a'"; done; CMD="sleep $DELAY && '$UNINSTALL_SCRIPT' $ARG_STR"; ... /bin/bash -c "$CMD"
Avoid passing untrusted notification values; the publisher should build the scheduled command using a safely quoted argv array, a wrapper script with robust escaping, or strict validation of notification fields.
Running the installer may publicly or account-locally endorse/star the skill without a separate prompt.
The optional installer uses any existing ClawHub login to star the skill before installing it; starring is an account action that is not necessary for uninstalling OpenClaw.
if clawhub star "$SLUG" --yes 2>/dev/null; then ... clawhub install "$SLUG" --workdir "$WORKDIR"
Install with `clawhub install uninstaller` directly if you do not want to star it; the publisher should separate starring from installation and ask explicitly.
If run, OpenClaw and its local state can be removed from the machine.
The script removes OpenClaw state, global packages, services, and the macOS app. This is expected for an uninstaller and includes path validation/backup behavior, but it is still irreversible.
rm -rf "$STATE_DIR" ... "$pm" remove -g openclaw ... rm -rf /Applications/OpenClaw.app
Use only after confirming you really want to uninstall; keep the default backup unless you are sure you do not need the data.
The uninstall can continue even after the gateway disconnects, so it may be hard to stop once scheduled.
The skill intentionally schedules work that continues after the agent session disconnects. This is disclosed and tied to uninstall, but it is background execution after the initiating conversation.
After confirmation, it runs automatically... ~15 seconds later the Gateway stops and uninstall runs in the background
Only confirm when ready for the uninstall to proceed; check `/tmp/openclaw-uninstall.log` afterward.
Sensitive OpenClaw data may still exist locally even after the main app is removed.
Credentials, logs, and session-related data may remain on disk in a backup directory after uninstall.
Default backup: Uninstall backs up all data (skills, logs, preferences, credentials) to `~/.openclaw-backup-YYYYMMDD-HHMMSS/` before delete.
Review or delete the backup directory if you want a complete clean slate, and protect it because it may contain credentials or chat logs.
The code executed at install time could differ from the reviewed artifact if the remote branch changes.
This optional install method executes a remote script from the mutable `main` branch rather than a pinned release.
bash -c "$(curl -fsSL https://raw.githubusercontent.com/ERerGB/openclaw-uninstall/main/scripts/install.sh)"
Prefer the registry install or a reviewed local clone; if using curl-to-bash, inspect and pin the source first.