ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workspace Trash

Soft-delete protection for workspace files. Intercept file deletions and move them to a recoverable trash instead of permanent removal. Use when deleting, re...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 6 · 0 current installs · 0 all-time installs
by@crewhaus
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The script implements a workspace trash for files under ~/.openclaw/ which matches the skill description. However the code relies on Node (node -e) and standard shell utilities even though the registry metadata declared no required binaries; that missing dependency is an inconsistency the author should declare.
Instruction Scope
SKILL.md's instructions map closely to the script: move/list/restore/empty/size and a rule to prefer the trash over rm. The script enforces scope to files under OPENCLAW_HOME (default $HOME/.openclaw). There are no network calls or steps that read unrelated system secrets.
Install Mechanism
This is instruction-only (no installer), so nothing is written to system paths on install. The bundle includes a shell script that will run on demand; it expects a Node runtime and POSIX tools but provides no install spec or declared dependency for Node.
!
Credentials
The script uses OPENCLAW_HOME and OPENCLAW_WORKSPACE (with defaults) and $HOME implicitly, but the skill declares no required environment variables. The code will behave differently if those env vars are set; the skill should declare these as configuration parameters. Also the script uses rm -rf for fallback and for emptying trash — a necessary but high-impact operation that should be noted.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or platform-wide privileges. It modifies only its own .trash and .manifest.json inside the workspace; it does not change other skills or global agent configuration.
What to consider before installing
This script appears to be a reasonable local "trash" for OpenClaw workspaces, but review these before installing: - Dependency: The script runs several node -e snippets but the registry metadata lists no required binaries. Ensure the agent environment has node (and standard POSIX tools) available or the script will fail. Ask the author to declare required binaries. - Scope: The script enforces trashing only under OPENCLAW_HOME (defaults to $HOME/.openclaw). If you rely on a different workspace layout, confirm the env vars OPENCLAW_HOME / OPENCLAW_WORKSPACE and behavior. - Destructive operations: Emptying the trash and the cross-filesystem fallback use rm -rf. The script will permanently delete files when you run /trash:empty; follow the rule to confirm before emptying. Consider backing up important data first. - TOCTOU / symlink considerations: Restores and moves use mv with cp+rm fallbacks. If multiple parties can write inside the workspace, a race or symlink could cause files to be moved/restored to unexpected locations. If you operate in a multi-tenant environment, review this risk. If you decide to proceed, request the author update the metadata to declare 'node' (and any other required binaries) and to explicitly document OPENCLAW_HOME/OPENCLAW_WORKSPACE configuration and the confirmation behavior for emptying the trash.
scripts/trash.sh:173
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.0
Download zip
latestvk974jpxjswtzdrq8enra4fk6hh830efp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Workspace Trash

Never permanently delete workspace files. Always use trash instead of rm.

Slash Commands

  • /trash — Show trash menu (view, empty, restore options)
  • /trash:view — List all items in trash
  • /trash:empty — Permanently delete all trash contents (confirm first!)
  • /trash:restore — List items and ask which to restore

Script

bash skills/workspace-trash/scripts/trash.sh <action> [args...]

Actions: move, list, restore <id|index>, empty, size

Rules

  1. NEVER use rm or rm -rf on OpenClaw files. Always use the trash script's move action instead.
  2. When asked to delete/remove/clean up files, use trash.sh move <path> — not rm.
  3. Before emptying trash, always confirm with the user and show what will be deleted.
  4. The trash lives at .trash/ in the primary workspace root. A .manifest.json tracks original paths for restoration.
  5. Scope: any file under ~/.openclaw/ — primary workspace, agent workspaces (workspace-*), and other OpenClaw directories. The script refuses paths outside ~/.openclaw/.
  6. Cross-filesystem support: Agent workspaces may be on different mounts. The script uses cp -a + rm as a fallback when mv fails across filesystems. Restore also handles cross-filesystem moves.
  7. Restore by index number (from list) or by trash name. Items from agent workspaces show [agent] tag in list view.
  8. When multiple files are being deleted, pass them all in one command: trash.sh move file1 file2 dir1

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…