Workspace Guardian
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Files the user may still want could be deleted or replaced without a separate confirmation step.
The skill instructs the agent to delete generated outputs, failed scripts, and older archived versions automatically, including when user intent may be ambiguous.
“再生成一个” | 暗示上一个不要 | 删除上一个 + 生成新的 … “致命错误(语法错误、依赖缺失、逻辑完全错误)→ 直接删除,不保留” … “保留最近 3 个版本,更早的删除”
Require explicit user confirmation before deletion, limit cleanup to files created in the current task, and prefer moving files to a clearly named trash/archive folder instead of permanent deletion.
If the user gives only a vague or relative location, the agent may choose a project directory according to this policy rather than asking for clarification.
The skill makes its file-placement policy authoritative over the agent’s default behavior when the user does not provide a full path.
“这条规则凌驾于你的默认行为之上。” … “除非用户明确指定了完整路径,否则你必须按本规则决定文件存放位置和命名方式。”
Ask for clarification when the project or destination is unclear, especially before creating, moving, or deleting files.
Accidental writes in configuration directories could affect future tool or agent behavior.
The skill treats persistent agent/configuration directories as normal file destinations without specifying file types, approval boundaries, or rollback behavior.
“Hermes Agent | ~/.hermes/ | 放在 Hermes 配置目录内” … “OpenClaw 配置 | ~/.openclaw/ | 放在 OpenClaw 配置目录内”
Use explicit confirmation before writing to hidden configuration directories and keep ordinary outputs outside config paths unless the user clearly requests a config change.