ClawHub

Workspace Maintenance

v1.0.0

Maintain workspace documentation hygiene and discoverability. Use when organizing markdown sprawl, updating doc indexes, archiving stale progress/status snap...

0· 609·5 current·6 all-time
byJuici Frameworks@houseofjuici
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims generic workspace maintenance but the bundled script uses a hard-coded path (/Users/ineluxx/.openclaw/workspace/...), binding it to a specific user's environment. A generic maintenance skill would normally accept a configurable workspace root rather than a fixed home path.
!
Instruction Scope
SKILL.md gives broad, partially manual instructions (e.g., 'Move stale snapshot... to archive buckets', 'Regenerate or refresh docs index') but only the dry-run script is provided. The agent could be instructed to perform file moves and index updates across the workspace; those actions are not codified or constrained, giving the agent wide discretion over filesystem changes.
Install Mechanism
No install spec (instruction-only plus a small local script). Nothing is downloaded or written during installation by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, the script references absolute filesystem paths tied to a particular user and also lists other absolute legacy paths; that is unexpected for a generic skill and could cause it to read or write files outside the intended workspace if executed on a host where those paths exist.
Persistence & Privilege
always is false, no install-time persistence is requested, and the skill does not attempt to modify other skills or global settings.
What to consider before installing
This skill is not clearly malicious, but it has red flags you should address before installing or running it. The bundled script is hard-coded to /Users/ineluxx/... which makes it specific to one environment — change the script to accept a configurable workspace root (or use an environment variable) and test on a disposable copy first. Be cautious because SKILL.md allows broad file-moving steps that are not implemented in code; ensure any automated 'move' actions are explicit, reversible (keep manifests), and reviewed by a human. Run the dry-run output and inspect it before performing any moves; restrict the agent's permissions so it cannot modify unrelated system or other users' files. If you don't control the script source, ask the author why paths are hard-coded and request a configurable version or remove the script entirely.

Like a lobster shell, security has layers — review code before you run it.

latestvk976808j236ny3m6z0samdg87581frdt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments