c-cleaner
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly does what it says, but it can delete local files and its safety claims are stronger than what the included code actually enforces.
Use this only on Windows and start with --dry-run. Review the exact paths and sizes before approving deletion, do not use --yes unless you intentionally want unattended cleanup, and make your own backup or restore point because the provided code does not show the advertised restore protection.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with the no-confirm option or without reviewing a dry run, files in temp/cache/update locations, and in aggressive mode the Recycle Bin, can be permanently removed.
The script performs recursive destructive cleanup of target directories and includes an option to skip confirmation, which conflicts with the skill's stated rule that cleanup must require explicit user confirmation.
parser.add_argument("--yes", action="store_true", help="跳过确认") ... if item.is_file(): item.unlink() ... elif item.is_dir(): shutil.rmtree(item)Require a dry-run report and explicit user approval before any cleanup; avoid autonomous use of --yes and consider removing or restricting that option.
A user may believe the cleanup is reversible or risk-free when the included code does not demonstrate those safeguards.
The documentation presents the safe cleanup level as 'no risk' and advertises backup/restore-point protections, but the provided cleanup script shows deletion and logging only, with no visible backup or restore-point implementation.
| `safe` | 临时文件、更新缓存 | 无风险 | ... 清理前自动备份关键数据 ... 清理前创建还原点(如可能)
Treat the cleanup as potentially destructive, create your own restore point or backup first, and update the skill documentation or code so the safety claims match the implementation.
The scan may expose local file-path metadata in the conversation or generated reports, though no network exfiltration is shown.
The scanner collects local personal-folder paths and size metadata into reports. This is purpose-aligned for disk analysis, but those paths can reveal private folder or application names to the agent context.
user_dirs = ["Desktop", "Documents", "Downloads", "Pictures", "Videos", "Music", "AppData"] ... "path": str(dir_path)
Review reports before sharing them and avoid scanning or exporting directories whose path names are sensitive.
Users cannot inspect the referenced safety notes before relying on the cleaner.
The skill references a safety document that is not included in the provided file manifest, leaving some promised safety guidance unavailable for review.
**安全须知**: `references/safety.md` - 清理操作安全注意事项
Add the missing safety document or remove the reference, and verify the bundled scripts directly before running cleanup.