Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Defragmenter
v1.0.0
Structural knowledge defragmentation for OpenClaw workspaces. Finds information, rules, and operational facts that are spread across the wrong files or embed...
by Ivan Balukov (@balukov)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (reorganize workspace knowledge) match the provided instructions: the skill only needs to read and rewrite workspace files and declares no binaries, installs, or credentials.
Instruction Scope
SKILL.md directs the agent to find fragmented knowledge and rewrite or copy it into source-of-truth files. It explicitly lists targets including memory files, flow files, operational scripts, and 'skill configuration or supporting notes' — allowing broad file access and in-place modifications across the workspace. There are no explicit guardrails (scoped paths, confirmation steps, dry-run mode, or rules for preserving file integrity) so the agent could make wide-ranging changes without user review.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files. Lowest install risk.
Credentials
The skill requests no environment variables, credentials, or external config paths. There is no disproportionate credential access.
Persistence & Privilege
always is false and the skill is user-invocable, but SKILL.md lists 'skill configuration or supporting notes' among targets. That implies the skill could modify other skills' configuration or operational scripts within the workspace. Combined with autonomous invocation being allowed (the platform default), this creates a notable risk unless the agent is constrained to require user confirmation before edits.
What to consider before installing
This skill's goal (reorganizing fragmented workspace knowledge) is reasonable, but it currently gives the agent broad discretion to edit many kinds of files — including operational scripts and skill configuration — without explicit limits or safety steps. Before installing or running it: 1) require a dry-run or preview of proposed edits and review diffs before applying changes; 2) run it on a branch or copy of the workspace, not production files; 3) back up important files (or use version control) so changes can be reverted; 4) restrict its scope to specific directories/files when possible; and 5) avoid granting elevated permissions or running it in environments with secrets or live service credentials. If the author can add explicit guardrails (scoped targets, confirmation prompts, read-only/dry-run mode, and refusal to touch skill configs unless explicitly permitted), the risk would be substantially reduced.
Like a lobster shell, security has layers — review code before you run it.
