ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

workspace-manager

v1.0.0

用于管理和维护 OpenClaw 工作区的结构。当用户提到工作区混乱、需要整理文件夹、或者希望建立标准目录结构时使用。提供自动归档、分类、清理和健康审计功能。

1· 175·0 current·0 all-time
bymusenlinc@mslchy

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mslchy/workspace-manage.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "workspace-manager" (mslchy/workspace-manage) from ClawHub.
Skill page: https://clawhub.ai/mslchy/workspace-manage
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install workspace-manage

ClawHub CLI

Package manager switcher

npx clawhub@latest install workspace-manage
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description align with the bundled scripts: organize, audit, cleanup, archive and optional cloud sync. However the package does not declare binaries it actually uses (e.g., trash-put, gog, jq) in metadata, which is an omission and reduces clarity about required runtime tools.
!
Instruction Scope
SKILL.md instructs the agent to run the included scripts (good), but there is a behavioral mismatch: SKILL.md emphasizes 'default dry-run' for destructive operations, yet pipeline.sh will call cleanup.py with --execute by default (i.e., perform deletions) unless the user explicitly supplies --dry-run. The scripts traverse and modify the entire workspace path (~/.openclaw/workspace by default) and can move/delete (via trash) many files; archive.sh and cleanup.py prompt for confirmation but pipeline may invoke them non-interactively. The sync step can upload workspace files to Google Drive if 'gog' is installed and authenticated.
Install Mechanism
No install spec (instruction-only) — lowest install risk. Files are shipped as scripts (no remote downloads). No install-time network fetches or extract operations were found.
!
Credentials
The skill requests no environment variables or declared credentials, yet sync.sh can upload data to Google Drive using the gog CLI (requires user authentication outside the skill). The scripts also call external tools (trash-put, jq) without declaring them. The optional sync defaults (sync_human: true) would upload Workspace_Human content if 'gog' is present and authenticated, which may include sensitive files unless the user configures sync-config.json carefully.
Persistence & Privilege
always:false and no attempt to modify other skills or system-wide agent settings. The skill creates/changes files only under the workspace directory and writes logs there — expected behavior for a workspace manager.
What to consider before installing
Before installing or running this skill: (1) Inspect the scripts locally and back up your ~/.openclaw/workspace directory. (2) Run pipeline.sh with --dry-run (or call the individual scripts in preview mode) to see proposed changes; do not rely on SKILL.md's assertion of default dry-run because pipeline.sh will run cleanup with --execute by default unless you pass --dry-run. (3) Be aware the sync step can upload files to Google Drive if you have the 'gog' CLI installed and authenticated — disable or review config/sync-config.json if you don't want uploads. (4) Ensure required helper tools (trash-put, gog, jq) are intentionally installed or remove calls to them; trash-put is used for safe deletion fallback. (5) Consider running the skill on a test workspace first and verify config/patterns.json protected paths include any sensitive locations. If you want this skill but prefer safer defaults, change pipeline.sh to default to dry-run and set sync_human/sync_agent to false in config/sync-config.json.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bgv49g5rjamx1zqb64mjqj183749j
175downloads
1stars
1versions
Updated 22h ago
v1.0.0
MIT-0
musenlinc@mslchy
latest
Download

Design Pattern

此技能使用 Pipeline(流水线)模式 来执行多步骤工作区管理,并通过 Tool Wrapper(工具包装器)模式 安全地封装文件系统操作。优先调用配套脚本,避免在 Prompt 中内联复杂 bash 命令,以控制 Token 成本并提升执行稳定性。

Workspace Manager

此技能旨在保持工作区的整洁和高效,将人类文件与 Agent 文件分离,并提供一站式维护能力。

标准目录结构 (Standard Structure)

~/.openclaw/workspace/
├── Workspace_Human/          # ❶ 供人类使用的文件(输入、输出、备份)
│   ├── input/                # 用户提供或导入的原始文件
│   ├── output/               # 生成的产物(图片、PDF、文档)
│   │   ├── images/           # 图片文件
│   │   ├── docs/            # 文档文件 (PDF, DOCX)
│   │   └── data/            # 结构化数据 (JSON, CSV)
│   ├── backup/              # 备份文件(手动 + 自动)
│   └── temp/               # 临时文件(CDP 截图、缓存等,可安全清理)
│
├── Workspace_Agent/         # ❷ 供 Agent 之间交互的文件
│   ├── memory/             # 每日日志 (YYYY-MM-DD.md) + 长期记忆
│   ├── skills/             # 已安装的技能目录
│   ├── subagents/          # 永久子 agent 配置
│   ├── shared_context/     # 多 agent 共享上下文
│   ├── artifacts/          # 中间产物(构建产物、待整理文件)
│   ├── cache/              # 可复用的缓存数据
│   ├── logs/               # 操作日志
│   ├── skills_custom/      # 自定义编写的技能
│   ├── prompts/            # 常用提示词模板
│   └── kb/                 # Agent 知识库
│
├── archive/                  # 归档目录(按 YYYY-MM/ 组织)
├── scripts/                  # 本地脚本(workspace-manager 专用)
└── secret/                   # 敏感凭据

核心文件保护(永不删除)

以下文件无论任何情况都受到保护:

  • MEMORY.md, SOUL.md, USER.md, AGENTS.md, HEARTBEAT.md
  • .git/, memory/, skills/, subagents/, Workspace_Human/

Pipeline 工作流

所有步骤均通过配套脚本执行。推荐使用一键全量 Pipeline,复杂场景可单独触发某一阶段。

推荐:一键全量 Pipeline

# 执行完整 5 步流水线(Audit → Organize → Clean → Archive → Sync)
bash {{SKILL_DIR}}/scripts/pipeline.sh --all

# 仅预览(不实际执行任何写入操作)
bash {{SKILL_DIR}}/scripts/pipeline.sh --all --dry-run

# 执行指定步骤
bash {{SKILL_DIR}}/scripts/pipeline.sh audit organize

Step 1 — 健康审计 (Audit)

bash {{SKILL_DIR}}/scripts/health-check.sh

自动检查:断链、空目录、大文件(>10MB)、畸形命名、磁盘占用、最近活动。 输出 0-100 健康评分及分级建议。

Step 2 — 规范化 (Standardize)

bash {{SKILL_DIR}}/scripts/standardize.sh

确保标准目录结构完整,检测根目录散落文件并给出整理建议。

Step 3 — 自动整理 (Organize)

bash {{SKILL_DIR}}/scripts/organize.sh

Workspace_Agent/artifacts/ 中的散落文件按类型移动到 Workspace_Human/output/ 对应子目录:

文件类型目标位置
*.png, *.jpg, *.webp, *.gifWorkspace_Human/output/images/
*.pdf, *.docx, *.docWorkspace_Human/output/docs/
*.json, *.csv, *.xmlWorkspace_Human/output/data/
*screenshot*, cdp_tmp_*, *.tmpWorkspace_Human/temp/

Step 4 — 安全清理 (Clean)

# 预览(默认,永远先预览)
python3 {{SKILL_DIR}}/scripts/cleanup.py

# 执行清理(移动到系统 trash,可恢复)
python3 {{SKILL_DIR}}/scripts/cleanup.py --execute

# 按条件清理
python3 {{SKILL_DIR}}/scripts/cleanup.py --min-age 30 --execute   # 30天以上
python3 {{SKILL_DIR}}/scripts/cleanup.py --min-size 50            # >50MB

保护规则:永不删除 .git/memory/skills/Workspace_Human/、最近 24h 文件及所有核心配置文件。

Step 5 — 归档 (Archive)

# 交互式归档(7天以上文件,按月组织)
bash {{SKILL_DIR}}/scripts/archive.sh

# 自定义天数
DAYS=30 bash {{SKILL_DIR}}/scripts/archive.sh

归档结构:archive/YYYY-MM/。仅处理 Workspace_Agent/artifacts/

Step 5 — 云端同步 (Sync) ⭐ 可选扩展

bash {{SKILL_DIR}}/scripts/sync.sh

此步骤为可选扩展,需要 gog CLI 已安装并认证。未安装或未认证时自动跳过,不阻断其他 Pipeline 步骤。

同步范围(可通过 config/sync-config.json 配置开关):

  • Workspace_Human/ 全部内容 → Google Drive AI_Workspace/Workspace_Human/
  • Workspace_Agent/ 全部内容 → Google Drive AI_Workspace/Workspace_Agent/(默认关闭)
  • ✅ 核心配置文件(MEMORY.md 等) → Google Drive AI_Workspace_Backup/

启用同步:安装 gog CLI 并运行 gog auth login 即可自动启用。

关闭同步:删除 gog 或不运行 gog auth login,Pipeline 自动跳过此步骤。

常用命令速查

任务命令
一键全量bash {{SKILL_DIR}}/scripts/pipeline.sh --all
健康审计bash {{SKILL_DIR}}/scripts/health-check.sh
规范化bash {{SKILL_DIR}}/scripts/standardize.sh
整理文件bash {{SKILL_DIR}}/scripts/organize.sh
预览清理python3 {{SKILL_DIR}}/scripts/cleanup.py
执行清理python3 {{SKILL_DIR}}/scripts/cleanup.py --execute
归档旧文件bash {{SKILL_DIR}}/scripts/archive.sh
云端同步bash {{SKILL_DIR}}/scripts/sync.sh ⭐可选

目录命名规则

  • 所有目录名:kebab-case,无空格,无特殊字符
  • 示例:Workspace_Human, Workspace_Agent, shared_context, skills_custom
  • 文件扩展名:全部小写

最佳实践

  • 每次会话结束前bash {{SKILL_DIR}}/scripts/pipeline.sh audit organize
  • 每周定期维护bash {{SKILL_DIR}}/scripts/pipeline.sh --all(完整流水线)
  • 永远先预览再执行:特别是 cleanup.py(默认就是预览模式)
  • 永远用 trash 代替 rm:所有脚本均使用 trash-put,误删可从系统回收站恢复
  • 引导用户将临时文件生成在 Workspace_Agent/artifacts/,会话结束后由 Pipeline 自动整理

Comments

Loading comments...