Cleanup Reporter
Pass
Audited by ClawScan on May 1, 2026.
Overview
Cleanup Reporter is a local disk-scanning skill with no evident network exfiltration, but it does scan a hard-coded user profile and leaves local reports containing file metadata.
This skill appears safe for its stated purpose if you are comfortable with it scanning /mnt/c/Users/malav and writing local reports. Before installing, verify that the hard-coded path is appropriate for your machine, that ncdu and rdfind are trusted local binaries, and that you will review or delete generated report files if they contain private file names or paths.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can enumerate directories and file paths under the configured local user profile and include them in local output files.
The script runs local filesystem-analysis commands over a broad, hard-coded user directory. This fits the cleanup purpose, but users should notice the local traversal scope.
ncdu -o - /mnt/c/Users/malav | head -n 20 >> "$REPORT_FILE"
Confirm that /mnt/c/Users/malav is the intended scan target before use, and consider changing the script to scan a user-selected path.
The skill may fail or rely on locally installed tools that were not declared in the registry requirements.
The metadata under-declares dependencies even though the skill documentation and script use ncdu and rdfind. This is a setup/provenance clarity issue rather than evidence of malicious behavior.
Required binaries (all must exist): none; Required binaries (at least one): none
Install only after verifying the ncdu and rdfind binaries on your system, and prefer updated metadata that declares those dependencies.
Private file names, paths, and timestamps can remain on disk in ~/reports and /tmp/duplicates.txt.
The generated report persists local file timestamps and paths, including files matching 'resume'. This is expected for the stated report purpose but may expose sensitive local metadata if the report is later shared or read by another process.
find /mnt/c/Users/malav -iname "*resume*" -type f -printf "%T+ %p\n" | sort >> "$REPORT_FILE"
Review the generated report before sharing it, and delete ~/reports/cleanup_report_*.md and /tmp/duplicates.txt if you do not want that metadata retained.
