Skill v1.0.3

ClawScan security

Mac Cleaner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 18, 2026, 9:49 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requested actions (writing local Node scripts, cleaning caches, optionally registering a cron job) align with its stated purpose, but you should inspect the exact deletion logic and consent prompts before installing.
Guidance
This skill is coherent for a Mac cleanup utility, but before installing: (1) ask the agent to show you the full SKILL.md and the exact Node.js files it will write (inspect them yourself or paste them here for review), focusing on the deletion logic and allowed-path checks; (2) refuse to grant sudo and confirm that the cron job will only run the local script under your user account; (3) run an initial dry-run (--dry-run) to preview deletions; (4) back up any important data or snapshots before first real run; and (5) if the truncated portion (ALLOWED_PREFIXES and delete routines) is missing or unclear, treat this as a blocker — do not install until you can verify it never deletes outside the intended safe directories.

Review Dimensions

Purpose & Capability
ok: The name/description (a macOS disk-cleaner) matches what the skill requests and does: it writes local Node.js scripts into an agent workspace and uses local commands (fs, child_process, brew, npm, du, df) to remove caches and stale build artifacts. No unrelated credentials, network access, or elevated privileges are requested.
Instruction Scope
note: The SKILL.md plainly instructs the agent to create an agent directory, write multiple Node.js files, and run local cleanup commands; that is within scope. However the runtime instructions will cause the agent to run shell commands and execute the written Node.js scripts that perform deletions — so you should review the written files (especially the deletion/path-checking logic) before consenting. The provided snippet was truncated where deletion-safeguards appear to be defined (ALLOWED_PREFIXES), so I cannot fully verify the safety checks.
Install Mechanism
ok: Instruction-only skill with no installer or external downloads. It relies on Node.js built-ins and existing system tools; nothing is fetched from external URLs. This is the lower-risk category for install mechanics.
Credentials
ok: No environment variables, credentials, or system config paths are requested. The targets it intends to clean (user caches, logs, trash, npm/Homebrew caches, .next builds) are consistent with a cleanup tool and with the declared scope.
Persistence & Privilege
note: The skill will persist by writing scripts under ~/.openclaw/workspace/agents/mac-cleaner/ and (optionally, with explicit consent) registering a weekly cron job. It does not request always:true or any elevated/sudo permissions. Persisting in the agent workspace and adding a cron job are reasonable for a weekly cleaner but increase blast radius — ensure you explicitly consent to the cron registration and review what the cron will run.