ClawHub

workspace-health-monitor

v1.0.0

Performs comprehensive workspace health checks including disk usage, file counts, skill health, large files, and empty directories with actionable recommenda...

0· 52·0 current·0 all-time
by@jpengcheng523-netizen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the code and SKILL.md: functions compute disk usage, file counts, large files, empty directories, and skill health. The required capabilities (filesystem read access to a provided workspace path) are proportionate to the stated purpose.
Instruction Scope
The SKILL.md and index.js instruct the agent to recursively read the provided workspace path and report file names, sizes, and skill directory contents. This is expected, but it means the skill will enumerate any directory you point it at (including potentially sensitive files if you run it at root or on a home directory). Also note minor inconsistencies in examples: SKILL.md shows require('./skills/workspace-health-monitor') while code lives in index.js at the package root, and package.json's test script calls a .main() that is not obviously defined in the provided index.js (truncated file prevents 100% confirmation).
Install Mechanism
No install spec; the skill is instruction+code only and does not download or install external packages. This lowers the installation risk.
Credentials
The skill requests no environment variables or credentials and accesses no config paths. Its filesystem reads are limited to the workspace path supplied at runtime, which is appropriate for its function.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes. It does not modify other skills or system configuration.
Assessment
This skill appears to be what it claims: a read-only workspace health checker. Before running it: - Run it only against the intended workspace path (avoid using '/' or your entire home directory) because it will recursively enumerate filenames and sizes and could surface sensitive files. - Expect blocking synchronous filesystem I/O on large trees; run in a container or with appropriate timeouts if needed. - Be aware of small documentation mismatches: the SKILL.md example path and package.json test may not match how the module is actually exported; test locally first to confirm the exported API before using it in automation. - Because the agent can output the collected report, treat that output as potentially sensitive and avoid sending it to untrusted remote endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk970y1vfyy5c9zn00dhm8mcwsn83pfrm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments