delete-recovery

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill is transparent about backing up and restoring files, but its workspace cleaner can automatically delete broad workspace files, so users should review it carefully before enabling.

This skill shows no signs of exfiltration or hidden endpoints, but it has real file-deletion authority. Before installing, decide whether you actually want scheduled workspace cleanup, run dry-run first, configure whitelists and expiry days, verify backup behavior, and remember that .delete_recovery may keep copies of deleted files after the skill is removed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Files in the workspace could be deleted unexpectedly or without a reliable backup if the cleanup rules match important files.

Why it was flagged

This describes broad, scheduled workspace cleanup that deletes files automatically, and says deletion may continue even when backup fails.

Skill content

Scheduled (default 24-hour) scan of workspace for temp files and expired files (default 7 days), auto-backup then delete ... backup failures do not block deletion

Recommendation

Do not enable scheduled cleanup until you have run dry-run, reviewed the deletion list, configured whitelists, and confirmed backups must succeed before deletion.

What this means

Deleted files may remain recoverable and visible in backups or metadata longer than the user expects.

Why it was flagged

Deleted file copies and some metadata persist in a workspace-level data directory, which may retain sensitive information after uninstalling the skill.

Skill content

Backups are stored in `{workspace}/.delete_recovery/delete_backup/`, outside the skill directory — they survive skill deletion ... filename/description still in plaintext.

Recommendation

Treat .delete_recovery as sensitive local storage; review retention, clean old backups intentionally, and avoid backing up secrets unless necessary.

What this means

Users have less assurance that the installed scripts came from a verified or trusted source.

Why it was flagged

The skill itself discloses that there is no integrity verification during installation, and the registry source is listed as unknown.

Skill content

No install-time integrity verification — deploy only in trusted environments.

Recommendation

Install only from a trusted registry/source and review or pin the exact files before using it on important workspaces.

What this means

Using the cleanup feature runs bundled Python code that can read, copy, and delete workspace files.

Why it was flagged

The cleaner invokes the bundled delete_recovery.py helper as a subprocess to back up files before cleanup; this is purpose-aligned and does not use shell=True, but it is still local code execution.

Skill content

subprocess.run([sys.executable, str(DELETE_RECOVERY_SCRIPT), "backup", encoded, original, "workspace_cleaner"], ... cwd=str(WORKSPACE_ROOT))

Recommendation

Use it only after reviewing the included scripts and limiting cleanup to intended paths and file types.