Skill Cleaner

[!CAUTION] HIGH PRIVILEGE TOOL: This skill can mutate your workspace (Quarantine) and modify the Security Core permit lists. It is configured with disable-model-invocation: true, meaning it must be run manually and cannot be autonomously triggered by agents.

Scans your installed skills for suspicious patterns, verifies them against VirusTotal, and "fixes" false positives by adding them to the safety allowlist.

Usage

Run the cleaner to automatically verify and allowlist suspicious skills:

# Dry run (safe, just shows what would happen)
npx tsx ./skills/skill-cleaner/scripts/clean.ts

# Commit trust to safety allowlist for clean files
npx tsx ./skills/skill-cleaner/scripts/clean.ts --commit

# Full Security Fix: Trust clean files AND quarantine malicious ones
npx tsx ./skills/skill-cleaner/scripts/clean.ts --fix

Features

• Heuristic Scanning: Uses OpenClaw Core scanner to find suspicious code patterns.
• VirusTotal Integration: Cross-references hashes with VT for reputation.
• Trust Bridge: Automatically allowlists "false positives" via the Gateway.
• Quarantine: Moves malicious files (detects > 0 on VT) to a .quarantine/ folder for safety.

Security Disclosure

This skill requires high-privilege access to function as a security utility:

• Safe Bridge: Uses a hardened, non-shell Bridge (Gateway RPC) to verify and trust skills. This avoids direct file system mutation for the allowlist.
• Privacy: Only loads the VIRUSTOTAL_API_KEY from your .env file; it does not access or expose unrelated secrets. Transmission is limited to SHA-256 hashes and sanitized metadata; your actual source code contents are never sent to external services or the Bridge.
• Verification: Performs a Live Scan of your skills/ directory using the internal OpenClaw security module to compute hashes.

Audit Guidance: If you see "High Privilege" flags on the Hub, this is expected behavior for a tool that interacts with the Security Core. Always run in dry-run mode first to inspect planned changes.