Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

clear-skills

v1.0.0

This skill should be used when the user wants to clear, remove, or clean up AI agent rules, skills, or instruction files from their coding environment. It su...

by andy-xiran @subingshe
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (clear-skills) matches the provided files: SKILL.md documents scanning and removal of many agent rule files and scripts/clear_agent_rules.py implements that behavior. All requested resources are local filesystem paths (project/global rule locations) which are appropriate for a cleanup tool.
Instruction Scope
The SKILL.md explicitly instructs the agent to run the included Python script to scan and remove files across many project/global paths. This is in-scope for the stated purpose, but the instructions also include non-interactive flags (--yes, --no-backup, --include-self) which, if used, will cause destructive actions without further confirmation. The docs recommend --dry-run/backup; follow those safeguards before deleting.
Install Mechanism
No install spec — instruction-only with a bundled Python script. The script claims to use only the Python standard library (imports shown: argparse, os, platform, shutil, sys, datetime, pathlib). There are no downloads, external packages, or installers referenced.
Credentials
The skill declares no required environment variables, credentials, or config paths. The script reads standard local paths (HOME, Documents, USERPROFILE fallback) to find rule/config files; this is necessary for the cleanup task and is proportionate to the purpose.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously (disable-model-invocation:false), which is the platform default; combined with destructive flags (--yes, --no-backup) this increases risk of accidental deletion if the agent runs without user confirmation. The SKILL.md advocates confirming intent, but operators should be careful about allowing autonomous runs.
Assessment
This skill appears to do what it says: scanning and deleting local AI-agent rule/skill files. Before using it: (1) run python scripts/clear_agent_rules.py --dry-run to see exactly what would be removed, (2) keep the default backup (don't use --no-backup), (3) avoid non-interactive --yes unless you are certain, and (4) review the script source yourself (it appears to use only Python stdlib and no network calls). If you allow autonomous invocation, be aware an agent could run it with destructive flags; consider restricting autonomous execution or running the script manually in a safe environment first.
