Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Disk Space Analyzer

v1.0.0

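Disk space analysis and optimization advice tool. Automatically scans all disk drives and generates a complete report that includes a ranking of directories by space used, identification of the culprit filling the disk, detection of cleanable caches, and optimization recommendations. Trigger phrases: disk space analysis, C drive is full, not enough hard disk space, disk is completely full, disk usage, disk analysis, disk cleanup, C drive space, disk space report, scan disk, disk space, the disk is full, not enough disk space, take a look at my disk for me, ...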


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for raingingkleec/disk-space-analyzer.

Install the skill "Disk Space Analyzer" (raingingkleec/disk-space-analyzer) from ClawHub.
Skill page: https://clawhub.ai/raingingkleec/disk-space-analyzer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install disk-space-analyzer

ClawHub CLI


npx clawhub@latest install disk-space-analyzer
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description align with the provided code and instructions: the Python scanner recursively enumerates drives and directories, identifies large directories, and the SKILL.md explains generating an HTML report. There are no unrelated dependencies or credentials requested.
Instruction Scope
Runtime instructions are focused on running the bundled scanner and creating a local HTML report. Two issues to be aware of: (1) the SKILL.md explicitly instructs to inject the raw JSON into the HTML template without additional escaping — this increases risk of client-side injection/XSS if file or directory names contain crafted content and the report is later opened in a browser; (2) the report embeds absolute paths and other local metadata (home path, Windows component names), so the generated report contains sensitive local information that should not be shared without review. The skill does not instruct sending data to external endpoints.
Install Mechanism
No install spec or remote download is present; the skill ships code files and is instruction-driven. That is lower-risk than fetching/executing remote artifacts.
Credentials
No required environment variables or credentials are declared. The code reads common environment values (HOME, COMPUTERNAME/HOSTNAME) and scans user/home directories — this is consistent with a disk analyzer. No unrelated secrets or network tokens are requested.
Persistence & Privilege
Flags show always:false and the skill does not request persistent/system-wide configuration changes. It does not modify other skills or system settings.
Assessment
This skill is coherent with its stated purpose, but before running it: (1) expect it to scan all available drives and your user home — it will read directory and file metadata (paths, sizes). Don't run it if you don't want that information enumerated. (2) The generated HTML report embeds raw JSON containing absolute paths and filenames — treat the report as sensitive and do not upload or share it without sanitizing. (3) The SKILL.md asks you not to escape the JSON when injecting it into the template; that can enable client-side injection if filenames are malicious or contain unusual characters — open the report locally in a safe environment and inspect contents before sharing. (4) The scanner can be I/O-intensive and slow on large drives; run with care on production systems. If you need stronger guarantees: request the author add optional escaping/sanitization of fields and an option to redact absolute paths before generating the report.

Like a lobster shell, security has layers — review code before you run it.

latest vk976kggcmf1ajrdgywak7mp5zd853c61
64 downloads
1 star
1 version
Updated 1w ago
v1.0.0
MIT-0

Disk Space Analyzer

Scans all of the user's disk drives and generates a professional space analysis report (HTML).

Workflow

Phase 1: Scan

Run the bundled scanner script to collect disk usage data:

python scripts/disk_scan.py --top 10 --deep --output <output_path>
  • --top N: Number of top directories per drive (default 10)
  • --deep: Deep-trace the top 3 directories on each drive, recursively following the largest child up to 5 levels deep to find the true culprit
  • --output: Save JSON to file (recommended for large reports)
  • Output: JSON with per-drive data, progress to stderr

Read the JSON output. Key fields:

  • drives[]: Per-drive overview with top_directories
  • drives[].deep_consumers[]: Top 3 dirs with their children + culprit_trace (recursive deep trace result with chain, leaf, breadcrumb)
  • special_locations: Cache/temp locations across all drives
  • windows_components: C:\Windows subfolder breakdown

Phase 2: Generate Report

Create an HTML report by:

  1. Read the scan JSON data
  2. Copy assets/report_template.html to the workspace as the HTML output file
  3. Replace __REPORT_DATA__ in the HTML with the raw JSON string from json.dumps(data, ensure_ascii=False, separators=(',',':'))
  4. The HTML template uses const REPORT_DATA = __REPORT_DATA__; — JSON is injected directly as a JS object literal, no parsing needed
  5. Deliver the HTML file and preview it

⚠️ Simply replace __REPORT_DATA__ with the raw JSON output. Do NOT add any extra escaping.

Python snippet for report generation:

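import json

# Placeholder paths; substitute the locations used in your workspace.
scan_json_path = 'scan.json'
template_path = 'assets/report_template.html'
output_html_path = 'report.html'

# Load the scanner's JSON output
with open(scan_json_path, encoding='utf-8') as f:
    data = json.load(f)

# Load the report template
with open(template_path, encoding='utf-8') as f:
    html = f.read()

# Raw substitution as the workflow specifies: compact JSON, no HTML/script escaping
json_str = json.dumps(data, ensure_ascii=False, separators=(',',':'))
html = html.replace('__REPORT_DATA__', json_str)

# Write the finished report
with open(output_html_path, 'w', encoding='utf-8') as f:
    f.write(html)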
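
The scan results above flag this raw substitution as a client-side injection risk. As an added example (not part of the skill's own code), the sketch below serializes the data so it is still a valid JS object literal for `const REPORT_DATA = __REPORT_DATA__;` but cannot close the script element. The stand-in template, the `path`/`size` field names and the sample path are constructed assumptions.

```python
import json

# Characters that are harmless inside JSON but significant to the HTML parser
# or to JavaScript source text; each maps to an equivalent \uXXXX escape.
_SCRIPT_UNSAFE = {
    "<": "\\u003c",       # blocks </script> and <!-- inside the script element
    ">": "\\u003e",
    "&": "\\u0026",
    "\u2028": "\\u2028",  # line separators: terminators in pre-ES2019 engines
    "\u2029": "\\u2029",
}

def json_for_script(data):
    """Serialize data for use inside an inline <script> element."""
    text = json.dumps(data, ensure_ascii=False, separators=(",", ":"))
    # These characters can only occur inside JSON strings, so a global
    # replacement never touches JSON structure.
    for char, escaped in _SCRIPT_UNSAFE.items():
        text = text.replace(char, escaped)
    return text

def render_report(template, data, escape=True):
    """Fill __REPORT_DATA__; escape=False mirrors the raw substitution."""
    if escape:
        payload = json_for_script(data)
    else:
        payload = json.dumps(data, ensure_ascii=False, separators=(",", ":"))
    return template.replace("__REPORT_DATA__", payload)

# Constructed sample: a stand-in for assets/report_template.html, and a POSIX
# path whose nested directory names ("<", "script>...") spell a closing tag.
TEMPLATE = "<script>const REPORT_DATA = __REPORT_DATA__;</script>"
SCAN = {"drives": [{"top_directories": [
    {"path": "/home/demo/</script><h1>injected markup</h1>", "size": 1024}
]}]}

if __name__ == "__main__":
    raw = render_report(TEMPLATE, SCAN, escape=False)
    safe = render_report(TEMPLATE, SCAN)
    print("raw closes the script element early:", raw.count("</script>") > 1)
    print("escaped keeps one closing tag:", safe.count("</script>") == 1)
    print("data unchanged:", json.loads(json_for_script(SCAN)) == SCAN)
```

This covers only the inline-script context; how the template later writes names into the DOM is not visible on this page and needs its own review.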

Phase 3: Present & Advise

After showing the visual report, provide a text summary to the user:

  1. Culprit identified for every drive: Every drive gets a culprit alert — the deep tracer recursively follows the largest child directory up to 5 levels to find the true space hog (e.g., Program Files → NetEase → MuMu → vms)
  2. Trace path visualization: Show the breadcrumb path of how the culprit was traced
  3. Deep analysis of the top 3 directories: Show children breakdown for each drive's top 3 directories
  4. Cleanable items: List safe-to-clean caches and temp files with total savings
  5. Optimization recommendations: Actionable recommendations ordered by impact

Suggestion Rules

  • If a directory exceeds 30% of drive used space, flag it as the primary culprit
  • For Windows systems, note WinSxS is not safe to manually delete; recommend Dism /Online /Cleanup-Image /StartComponentCleanup
  • For MuMu/Android emulators, recommend migrating VM storage to another drive
  • For cache/temp files, confirm with user before deleting (show the list first)

Edge Cases

  • If a drive scan fails (permission denied), skip and note it
  • On non-Windows systems, the special_locations scan will simply find fewer items
  • If only one drive exists, still run the full workflow
