c-cleaner
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: c-cleaner Version: 1.0.0 The 'c-cleaner' skill bundle is a utility designed for Windows disk space analysis and cleanup. It includes scripts for scanning directory usage (scan_c_drive.py), identifying large files (find_large_files.py), and performing deletions of temporary or cache files (clean_c_drive.py). The skill incorporates several safety mechanisms, including a mandatory dry-run preview, explicit exclusion of critical system directories (e.g., System32), and a requirement for user confirmation before any actual deletion occurs. While clean_c_drive.py contains a hardcoded log path (C:\Users\18785\...), this appears to be a developer oversight rather than a malicious indicator, and no evidence of data exfiltration or unauthorized execution was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with the no-confirm option or without reviewing a dry run, files in temp/cache/update locations, and in aggressive mode the Recycle Bin, can be permanently removed.
The script performs recursive destructive cleanup of target directories and includes an option to skip confirmation, which conflicts with the skill's stated rule that cleanup must require explicit user confirmation.
parser.add_argument("--yes", action="store_true", help="跳过确认") ... if item.is_file(): item.unlink() ... elif item.is_dir(): shutil.rmtree(item)Require a dry-run report and explicit user approval before any cleanup; avoid autonomous use of --yes and consider removing or restricting that option.
A user may believe the cleanup is reversible or risk-free when the included code does not demonstrate those safeguards.
The documentation presents the safe cleanup level as 'no risk' and advertises backup/restore-point protections, but the provided cleanup script shows deletion and logging only, with no visible backup or restore-point implementation.
| `safe` | 临时文件、更新缓存 | 无风险 | ... 清理前自动备份关键数据 ... 清理前创建还原点(如可能)
Treat the cleanup as potentially destructive, create your own restore point or backup first, and update the skill documentation or code so the safety claims match the implementation.
The scan may expose local file-path metadata in the conversation or generated reports, though no network exfiltration is shown.
The scanner collects local personal-folder paths and size metadata into reports. This is purpose-aligned for disk analysis, but those paths can reveal private folder or application names to the agent context.
user_dirs = ["Desktop", "Documents", "Downloads", "Pictures", "Videos", "Music", "AppData"] ... "path": str(dir_path)
Review reports before sharing them and avoid scanning or exporting directories whose path names are sensitive.
Users cannot inspect the referenced safety notes before relying on the cleaner.
The skill references a safety document that is not included in the provided file manifest, leaving some promised safety guidance unavailable for review.
**安全须知**: `references/safety.md` - 清理操作安全注意事项
Add the missing safety document or remove the reference, and verify the bundled scripts directly before running cleanup.