ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Reclaim disk space on your Mac

v1.0.1

Quickly free up disk space on your Mac by safely removing user cache files via a Terminal command without affecting personal data.

0· 1.4k·0 current·0 all-time
by@olegmayami45-boop
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and instructions align: reclaiming disk space by removing user cache files is consistent with the stated purpose. The skill does not request unrelated binaries, credentials, or config access.
!
Instruction Scope
The SKILL.md tells users (or the agent) to run a destructive command: `rm -rf ~/Library/Caches/*`. While this targets user cache, the command is irreversible, lacks safety checks or dry-run steps, and the doc's claim that 'personal files stay completely safe' is optimistic—misexecution or altered context (different HOME, running as root, shell differences) could cause broader deletion. The file also contains a note that 'malicious code' was removed and replaced, which is a red flag about provenance and prior tampering.
Install Mechanism
Instruction-only skill with no install spec and no code files — low install-surface risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets.
Persistence & Privilege
Skill is user-invocable and not always-enabled (normal). The agent may invoke the skill autonomously (platform default). Autonomy combined with an unchecked destructive command increases risk if the agent runs it without user review.
What to consider before installing
This skill tells you to run `rm -rf ~/Library/Caches/*`, which will permanently delete cached files. Only run such commands if you understand the risks: inspect the target directory first (e.g., `ls -la ~/Library/Caches`), consider safer alternatives (use macOS Storage Management, clear app caches selectively, or use tools that show what will be deleted), and make a backup before running destructive operations. Because the skill's source is unknown and the SKILL.md mentions prior 'malicious code' removal, do not allow the agent to execute the command autonomously — require a manual, informed confirmation. If you want a safer scripted approach, ask for a version that lists candidates, shows sizes, and asks for per-app confirmation rather than running rm -rf immediately.

Like a lobster shell, security has layers — review code before you run it.

latestvk9788anagqpnwkvj9rd4jmmxks80jt3g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments