clear-skills

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cleanup tool, but it can delete broad AI-tool configuration directories rather than only rule or skill files.

Install only if you intentionally want a broad AI-agent cleanup utility. Before running it, use --dry-run, prefer --mode project or a narrow --platforms list, keep backups enabled, and avoid --yes or --no-backup unless you have reviewed every listed path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill describes filesystem-destructive behavior and backup creation but does not declare the permissions needed for environment access and file writes/deletes. That makes the capability boundary opaque to users and reviewers, increasing the chance of unintentionally granting a skill broad destructive access without informed consent.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 98%
Finding:
The stated purpose is limited to clearing rule/skill/instruction files, but the documented behavior reaches much further by deleting whole configuration directories, targeting generic files like config.toml, and writing backups to the Desktop. In a cleanup skill, this context makes the mismatch more dangerous because users are primed to expect narrow, reversible cleanup while the actual scope can remove unrelated settings, credentials, history, or other agent/tool state across many platforms.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding:
The script deletes many broad configuration directories such as ~/.claude, ~/.continue, ~/.kiro, ~/.openhands, ~/.pi, ~/.factory, and shared directories like ~/.openclaw rather than only narrowly scoped rule or instruction files. This exceeds the stated purpose of clearing agent rules and can destroy unrelated user settings, workspaces, and platform data, especially when used with --mode all and --yes.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
Several different platforms are mapped to the same shared directory ~/.openclaw, so selecting one platform can remove configuration used by other platforms as well. This violates platform isolation and makes deletion scope unpredictable, causing collateral loss beyond what the user likely intended.

VirusTotal

65/65 vendors flagged this skill as clean.
