ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cleanup Reporter

v0.1.0

Scan your machine for large directories, duplicate files, and stale resume files.

0· 157·0 current·0 all-time
byMalavya Raval@malavyaraval
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to 'scan your machine' but the script is hardcoded to scan /mnt/c/Users/malav and specific subfolders (Documents, Downloads) rather than the current user's home or configurable paths. SKILL.md lists required tools (ncdu, rdfind) but the registry metadata declared no required binaries; the given runtime command 'cleanup-reporter-scan' is not provided by the bundle. These mismatches suggest the code is not aligned with the advertised, general-purpose capability.
!
Instruction Scope
Instructions claim 'operates entirely locally' and the script does operate locally, reading file lists and writing reports. However the script will read a specific filesystem location (/mnt/c/Users/malav/*) which may not be the installing user's data and could either fail or unintentionally target another user's files. The script writes duplicate lists to /tmp/duplicates.txt and generates reports in ~/reports, which may contain sensitive filenames. The SKILL.md also instructs running a command that isn't packaged, giving unclear runtime behavior.
Install Mechanism
There is no install spec (instruction-only skill with an included script), which is low risk from remote code download perspective. But because the script expects external binaries (ncdu, rdfind) and a top-level command name that isn't provided, the deployment/usage model is unclear and may cause failures or unexpected manual steps.
!
Credentials
The script only reads HOME (normal) and no secrets, which is proportionate. However it reads a hardcoded path outside the current HOME (/mnt/c/Users/malav/*). Requesting access to specific other-user paths without explanation is disproportionate to a generic cleanup reporter. It also writes a temporary duplicates file to /tmp which may expose sensitive filenames to other local users.
Persistence & Privilege
The skill does not request persistent or elevated privileges and always:false. It only writes files to the user's ~/reports and /tmp, and does not modify other skills or system-wide configs.
What to consider before installing
Do not install blindly. Things to check before using: (1) The scanner is hardcoded to /mnt/c/Users/malav — if that is not your account, the script will either fail or scan someone else's Windows user folder; prefer a version that uses $HOME or accepts a configured target path. (2) The registry says no required binaries, but SKILL.md and the script need ncdu and rdfind; install/verify those tools first. (3) The bundle does not provide the advertised cleanup-reporter-scan command — confirm how the agent will invoke the script. (4) The script writes /tmp/duplicates.txt and ~/reports/cleanup_report_*.md which may contain sensitive filenames; consider running it interactively or in a sandbox and inspect outputs before sharing. (5) If you trust the author, ask them to parameterize the scan path, add an install step or wrapper for the advertised command, and document required binaries. If you do not trust it, avoid installing or run it manually after reviewing and editing the script to target only your intended directories.

Like a lobster shell, security has layers — review code before you run it.

latestvk972bjwk8ez5r7tr70747xfs8x82yz6q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧹 Clawdis

SKILL.md

Cleanup Reporter Skill

This skill helps you identify disk space hogs, duplicate files, and stale data on your machine.

Tools

  • ncdu: Visual disk usage analyzer
  • rdfind: Duplicate file finder

Usage

  • Run cleanup-reporter-scan to perform a scan and generate a report.
  • It will create a report file in ~/reports/cleanup_report_YYYY-MM-DD.md.

External Endpoints

  • None. This skill operates entirely locally.

Security & Privacy

  • What leaves the machine: Nothing.
  • What is accessed: Local directories /mnt/c/Users/malav for scanning.
  • Data persistence: Only the generated markdown report and rdfind temp files are written to disk.

Model Invocation Note

This skill is invoked autonomously by OpenClaw when triggered by the user to perform cleanup tasks.

Trust Statement

By using this skill, you allow the agent to scan your local file system. Only install if you trust the agent's access to your local files.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…