Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Disk Cleanup

Automated disk space cleanup and maintenance for OpenClaw deployments. Cleans 12 categories: memory SQLite orphan tmp files, SQLite VACUUM, Docker dangling i...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Ruiqi Tan (@yagebin79386)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (OpenClaw disk cleanup) align with the script's actions (clean /tmp, OpenClaw workspace, Docker prune, SQLite VACUUM, git gc, journal vacuum). However the registry metadata declares no required binaries or env vars while the script clearly expects external tools (sqlite3, docker, docker CLI utilities, git, journalctl/systemctl utilities, standard Unix tools like find/stat/du/awk). That mismatch (declared requirements: none vs. actual dependencies) is an inconsistency.
Instruction Scope
The SKILL.md instructs the agent to run the included script which performs destructive filesystem operations (rm -rf on many patterns, pruning Docker images/volumes, truncating btmp, vacuuming journals, editing/setting persistent journald limits per SKILL.md). Those actions go beyond simple 'preview' unless --dry-run is used; many operations require root privileges and modify system-wide logs and configuration. The instructions also reference environment variables (OPENCLAW_HOME, OPENCLAW_WORKSPACE) that are not declared in the registry metadata. Overall the runtime instructions do perform the described cleanup, but they also perform system-level changes that deserve explicit warning and tighter declarations.
Install Mechanism
This is an instruction-only skill with a bundled shell script and no install spec; nothing is downloaded or extracted at install time. That keeps install-time risk low. The runtime script itself will call external binaries already on the host.
Credentials
The registry lists no required environment variables, but SKILL.md documents OPENCLAW_HOME and OPENCLAW_WORKSPACE (with defaults) and the script reads those variables. No secrets/credentials are requested, which is good. The mismatch between declared required env vars (none) and the script's use of OPENCLAW_HOME/WORKSPACE should be fixed; the skill will fail or behave unexpectedly if those are missing or point to unexpected locations.
Persistence & Privilege
The skill is not marked always:true and does not request persistent inclusion. It will run only when invoked. However many actions (Docker prune, journal vacuum, truncating btmp, editing journald limits) require elevated privileges — the script does not document privilege requirements clearly. That is an operational concern but not an unexplained privilege escalation.
What to consider before installing
This script appears to do what it claims (cleanup), but it performs destructive, system-level operations and the package metadata is sloppy about what it needs. Before installing or running:

  1) Inspect the entire scripts/disk-cleanup.sh file (the provided file is partially shown) to confirm there are no hidden network calls or unexpected behavior.
  2) Run bash scripts/disk-cleanup.sh --dry-run first on a non-production host to see what would be deleted.
  3) Expect that sqlite3, docker, git, journalctl/systemctl and standard Unix utilities must be present — the registry did not declare these requirements.
  4) Be cautious about the journal/btmp/journald persistent limit changes: they modify system logging behavior and require root; review how the script applies those changes.
  5) Backup critical logs/data and test in an isolated environment; consider running with least privilege (or explicitly as root only when needed) and schedule/cron only after validation.

If you want a higher-confidence verdict, provide the remainder of the script (truncated portion) so those sections can be inspected for network activity, remote endpoints, or other red flags.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0


SKILL.md

Disk Cleanup

Automated disk space recovery for OpenClaw deployments. Covers 12 cleanup categories that OpenClaw does not handle natively (as of 2026.3.13).

What OpenClaw Already Handles (skip these)

  • Session store: session.maintenance config (pruneAfter, maxEntries, rotateBytes)
  • Sandbox containers: sandbox.prune config (idleHours, maxAgeDays)
  • Context pruning: contextPruning config (cache-ttl mode)

What This Skill Handles (the gaps)

| # | Category | Typical Growth | Trigger |
|---|----------|----------------|---------|
| 1 | Memory SQLite .tmp-* orphans | Hundreds of MB from failed reindex | Always |
| 2 | Memory SQLite VACUUM | Fragmentation after heavy use | --aggressive |
| 3 | Docker images/volumes/build cache | GB from sandbox rebuilds | Always |
| 4 | Gateway logs (/tmp/openclaw/*.log) | Grows daily | >3 days old |
| 5 | /tmp OpenClaw temp files | Patrol/board/cron artifacts | >24h old |
| 6 | Workspace .prebind.* backups | Hundreds of MB per backup | >7 days old |
| 7 | Delivery queue old entries | Grows with message volume | >7 days old |
| 8 | systemd journal | GB on default VPS configs | >500MB |
| 9 | npm/yarn/pnpm/bun/prisma/node-gyp cache | GB from skill/plugin installs | >100MB |
| 10 | Rotated syslogs + btmp | SSH brute-force logs on public VPS | Always |
| 11 | Git workspace .git | Auto-commit growth (board-move etc.) | >200MB |
| 12 | QMD/migration artifacts | Stale after backend switch | Auto-detected |

Quick Start

Run directly:

# Preview what would be cleaned (safe, no deletions)
bash scripts/disk-cleanup.sh --dry-run

# Normal cleanup
bash scripts/disk-cleanup.sh

# Deep cleanup: includes SQLite VACUUM + aggressive git gc
bash scripts/disk-cleanup.sh --aggressive

# Cron mode: only outputs summary line
bash scripts/disk-cleanup.sh --quiet

Schedule as Cron Job

Weekly Sunday 04:00 CET (recommended):

Use the cron tool:
  schedule: { kind: "cron", expr: "0 3 * * 0", tz: "Europe/Luxembourg" }
  payload: { kind: "agentTurn", message: "Run disk cleanup: bash scripts/disk-cleanup.sh --aggressive --quiet. Report results." }
  sessionTarget: "isolated"

Or integrate into an existing infra-health-check script by adding a disk usage threshold trigger:

DISK_PCT=$(df / --output=pcent | tail -1 | tr -d ' %')
if [ "$DISK_PCT" -ge 85 ]; then
  bash /path/to/disk-cleanup.sh --quiet
fi
if [ "$DISK_PCT" -ge 90 ]; then
  bash /path/to/disk-cleanup.sh --aggressive --quiet
fi

Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| OPENCLAW_HOME | ~/.openclaw | OpenClaw state directory |
| OPENCLAW_WORKSPACE | $(pwd) | Agent workspace root |
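
A pre-flight guard for the two variables above, added here as an example and not part of the skill's own script. Because OPENCLAW_WORKSPACE defaults to $(pwd), it resolves to whatever directory the job was started in, so the guard refuses roots that should never be handed to a recursive cleanup. The function names and the deny list are assumptions of this example; the tool list comes from the scan report.

```shell
#!/bin/sh
# Added example, not part of the skill: checks to run before disk-cleanup.sh.

# Tools the scan report says the script expects (undeclared in the registry).
REQUIRED_TOOLS="sqlite3 docker git journalctl find stat du awk"

# Print the REQUIRED_TOOLS entries that are not on PATH, space separated.
missing_tools() {
  missing=""
  for tool in $REQUIRED_TOOLS; do
    command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
  done
  echo "${missing# }"
}

# Succeed only if $1 is an existing directory that is reasonable to hand to a
# script that deletes recursively. The deny list is an assumption of this example.
safe_cleanup_root() {
  [ -n "$1" ] && [ -d "$1" ] || return 1
  resolved=$(cd "$1" 2>/dev/null && pwd -P) || return 1   # follows symlinks
  home_resolved=$(cd "${HOME:-/}" 2>/dev/null && pwd -P) || home_resolved=""
  case "$resolved" in
    /|/bin|/boot|/dev|/etc|/home|/lib|/proc|/root|/run|/sbin|/sys|/tmp|/usr|/var)
      return 1 ;;
    /bin/*|/boot/*|/etc/*|/lib/*|/proc/*|/sbin/*|/sys/*|/usr/*)
      return 1 ;;
  esac
  [ "$resolved" != "$home_resolved" ]
}

# Print "ok", or the first failed check and return 1.
preflight() {
  state_dir="${OPENCLAW_HOME:-$HOME/.openclaw}"      # defaults as in SKILL.md
  workspace="${OPENCLAW_WORKSPACE:-$(pwd)}"
  safe_cleanup_root "$state_dir" || { echo "unsafe OPENCLAW_HOME: $state_dir"; return 1; }
  safe_cleanup_root "$workspace" || { echo "unsafe OPENCLAW_WORKSPACE: $workspace"; return 1; }
  gaps=$(missing_tools)
  [ -z "$gaps" ] || { echo "missing tools: $gaps"; return 1; }
  echo "ok"
}

# Typical use: preflight && bash scripts/disk-cleanup.sh --dry-run
```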

Exit Codes

  • 0 — Success (cleaned or nothing to clean)
  • 1 — Error during cleanup

Output Format

Last line is machine-parseable:

CLEAN|0|0B|44%          # Nothing cleaned
CLEANED|5|1.2GB|67%     # 5 actions, freed 1.2GB, now at 67%
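
A strict consumer for that summary line, added here as an example and not taken from the skill: a cron wrapper or agent that acts on the line should reject anything that does not match the documented shape before trusting its fields. The function names, the accepted unit list and the CLEAN/CLEANED consistency rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the skill: strict check of the final summary line.

# Documented shape: STATUS|ACTIONS|FREED|PCT%. The unit list is an assumption;
# the page itself only shows B and GB.
SUMMARY_RE='^(CLEAN|CLEANED)\|[0-9]+\|[0-9]+(\.[0-9]+)?(B|KB|MB|GB|TB)\|[0-9]{1,3}%$'

# Print "status actions freed pct" for a well-formed line, else return 1.
parse_summary() {
  case "$1" in *'
'*) return 1 ;; esac                 # reject embedded newlines
  printf '%s\n' "$1" | grep -Eq "$SUMMARY_RE" || return 1
  printf '%s\n' "$1" | tr -d '%' | tr '|' ' '
}

# check_cleanup LINE [LIMIT]
# Returns 0 if healthy, 1 if malformed or inconsistent, 2 if usage >= LIMIT.
check_cleanup() {
  limit=${2:-85}
  fields=$(parse_summary "$1") || return 1
  set -- $fields
  status=$1 actions=$2 pct=$4
  [ "$pct" -le 100 ] || return 1
  # Assumption drawn from the two sample lines: CLEAN reports zero actions,
  # CLEANED at least one.
  if [ "$status" = CLEAN ] && [ "$actions" -ne 0 ]; then return 1; fi
  if [ "$status" = CLEANED ] && [ "$actions" -eq 0 ]; then return 1; fi
  [ "$pct" -lt "$limit" ] || return 2
}

# Typical use (cron wrapper):
#   line=$(bash scripts/disk-cleanup.sh --quiet | tail -n 1)
#   check_cleanup "$line" 85 || echo "disk-cleanup needs attention: $line"
```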

Safety

  • --dry-run previews all actions without deleting
  • SQLite VACUUM only on --aggressive and only when fragmentation ≥5%
  • Docker prune only removes dangling (untagged) images; named images are safe
  • btmp is truncated (not deleted) — system expects the file to exist
  • Journal vacuum installs a persistent 500MB limit to prevent regrowth
  • Git gc uses --auto by default; --aggressive only with flag
