Back to skill

Security audit

Disk Cleanup

Security checks across malware telemetry and agentic risk

Overview

This is a real disk-cleanup skill, but it can delete broad host/workspace data and make persistent system logging changes without strong opt-in controls.

Install only if you intentionally want host-level cleanup on a dedicated OpenClaw machine. Run --dry-run first, review every path and Docker effect, avoid unattended aggressive cron mode until scoped, and be aware it may permanently reduce journald retention and remove old workspace virtual environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script is presented as a cleanup utility, but it also writes a persistent journald configuration file under /etc/systemd/journald.conf.d and restarts systemd-journald. That changes long-term system logging behavior beyond reclaiming disk space, which can unexpectedly reduce retained forensic logs and violates least surprise for a maintenance script.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The script claims to remove stale migration artifacts, but it also recursively deletes Python virtual environments under the workspace scripts directory based only on age and size heuristics. Virtual environments may still be required by automation or operational tooling, so this can cause denial of service or break maintenance workflows without operator awareness.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match ordinary requests about disk usage, cleanup, pruning, or maintenance, which can cause the skill to activate in contexts where the user did not intend destructive cleanup actions. Because this skill performs deletions and potentially aggressive maintenance, overbroad routing increases the risk of accidental invocation and unintended data loss or system changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script performs privileged, persistent system changes and a service restart with no explicit warning, confirmation, or dedicated consent mechanism. In the context of an agent skill meant for routine disk cleanup, that makes accidental destructive policy changes more likely and can silently reduce log retention important for incident response.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.