Janitor
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: workspace-janitor
Version: 1.0.0

The skill is designed for maintenance and cleanup, which involves reading and organizing files. However, it explicitly instructs the agent to check `TOOLS.md` for "API keys and configs" and to "Verify all agent skill configs." This grants the agent access to potentially sensitive credential files, creating a vulnerability for data exposure if the agent were to be compromised by a subsequent prompt injection. The `SKILL.md` also contains a defensive instruction not to touch `SOUL.md`, `USER.md`, or `IDENTITY.md`, implying the agent has the capability to access these sensitive files if not explicitly forbidden.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Files may be moved, archived, deleted, or rewritten as part of cleanup before the user has reviewed the exact changes.
The skill directs the agent to perform broad workspace cleanup actions, not just produce a report, and does not require user approval before most mutations.
Workflow
1. Receive maintenance task or run scheduled check
2. Scan workspace against checklists
3. Execute cleanup actions
Run this skill in dry-run/report-only mode by default, require explicit approval for every archive/delete/edit, and limit it to specific directories with clear exclusions.
Sensitive API key or configuration details could be read into agent context or accidentally included in maintenance reports.
The skill asks the agent to inspect API key/config information, but the metadata declares no credential contract and the instructions do not define secret redaction or output boundaries.
- [ ] TOOLS.md — API keys and configs still accurate?
Restrict credential checks to non-secret metadata, require user confirmation before opening credential files, and explicitly redact secrets from reports and memory.
Incorrect, stale, or private information from daily notes could become part of future agent context.
The skill intentionally persists summarized information into reusable agent memory, which is purpose-aligned but can carry mistakes or sensitive details into future tasks.
- [ ] Update MEMORY.md with distilled learnings from daily notes
Review memory diffs before saving, cite source notes, avoid secrets, and keep a reversible archive of prior MEMORY.md versions.
Cleanup could happen when the user is not actively supervising the workspace.
The skill is designed for background/scheduled maintenance; this is disclosed and purpose-aligned, but it increases risk when combined with file mutation authority.
Don't use for urgent tasks — Janitor handles background hygiene.
Disable autonomous scheduling unless desired, and require interactive confirmation for any mutating background run.
