Skill v1.0.0
ClawScan security
macOS Disk Cleaner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 2:34 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (safe, interactive macOS cleanup) mostly matches the included scripts and docs, but there are mixed signals — aggressive rm -rf examples and system-level deletion commands appear in the references while the main instructions insist on never auto-deleting — so you should review the deletion logic before installing or running it.
- Guidance
- This skill appears to do what it claims (scan caches, large files, Docker, package-manager caches) but contains potentially dangerous deletion commands in its reference docs. Before installing or running it:
  1. Inspect safe_delete.py (not shown in full here) to confirm it enforces explicit, per-item confirmation and never runs rm -rf or sudo rm -rf automatically.
  2. Verify the agent will only present deletion commands to you and will not execute them without your explicit, per-item consent.
  3. Be cautious about the documented example commands like `sudo rm -rf /Library/Caches/*`, `rm -rf ~/Library/Caches/*`, and any docker removal commands; treat them as manual instructions to run yourself only after you have backups.
  4. Confirm Mole (tw93/tap/mole) is the intended third-party tool and inspect it separately before brew installing.
  5. If you want higher assurance, ask the publisher for the full safe_delete.py and for a short audit of any code paths that could perform deletions or invoke network endpoints.
  If you cannot review the deletion helper, run the analysis scripts in a sandbox or on a non-critical machine first.
Review Dimensions
- Purpose & Capability
- note: The name/description (macOS disk cleanup) aligns with the code and docs: analysis scripts for caches, dev environment, large files, and an interactive safe_delete helper. However, the reference docs include explicit destructive commands (e.g., `sudo rm -rf /Library/Caches/*`, `rm -rf ~/Library/Caches/*`, `rm -rf /path/to/file`) as example cleanup commands, which is plausible for a cleanup tool but is more permissive than the 'safety-first' rhetoric and should be justified (are those only examples for manual use?).
- Instruction Scope
- concern: SKILL.md strongly emphasizes 'never auto-delete' and requiring explicit user confirmation, and many instructions require running TTY-focused tools (tmux + Mole). Yet references and some script outputs include direct rm -rf and sudo deletion commands as 'Cleanup command' examples and suggest commands users might run. The code uses subprocess calls to system utilities (du, find, docker, brew, npm, pip), which is expected but means the agent will be performing wide filesystem and system tooling queries. The core concern is mixed messaging: documentation contains dangerous one-liners that could be executed if the deletion helper (safe_delete.py) is not implemented as strictly interactive.
- Install Mechanism
- ok: There is no install spec (instruction-only skill with bundled scripts). The SKILL.md recommends installing Mole via Homebrew (brew install tw93/tap/mole), which is a normal package install path. No downloads from untrusted URLs or archive extraction steps are present in the manifest.
- Credentials
- ok: The skill requests no environment variables or credentials. It does, however, assume access to local tools (docker, brew, npm, pip) and may ask the user to run sudo for system cache cleanup; these are reasonable for a disk-cleaner but mean the skill operates at the filesystem and system-tool level (not network credentials).
- Persistence & Privilege
- note: The skill is not always-enabled and does not request persistent privileges. It does instruct users to run sudo for some system-level cleanups and to run external tools, which is expected. The main risk is runtime: the scripts perform local filesystem operations and could delete files if the safe deletion component is improperly implemented or called without confirmation.
