Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Doc Sysadmin
v1.0.0Especialista TI Ubuntu 24.04. Cuida do sistema host - espaço em disco, RAM, lentidão, limpeza periódica. Use when: (1) verificação de saúde do sistema, (2) l...
⭐ 0· 432·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description (Ubuntu sysadmin: health checks, disk/RAM cleanup, performance) match the commands and script provided. The actions (df, free, apt clean, journalctl vacuum, drop caches) are appropriate for this purpose. However, the SKILL.md describes conservative deletion rules (only trash, .tmp older than 7 days, apt cache .deb, gz logs) while the included script is more aggressive and deletes /tmp/* and /var/tmp/* unconditionally.
Instruction Scope
SKILL.md requires 'Sempre peça confirmação' before deleting anything outside trash/.tmp, and explicitly limits what may be deleted. The provided scripts/cleanup.sh contradicts that: it runs rm -rf /tmp/* /var/tmp/* and apt autoremove/autoclean without user confirmation. The script also vacuums journal logs and drops caches automatically. These are destructive operations if run without confirmation and exceed the conservative scope described in the prose.
Install Mechanism
No install spec; the skill is instruction-only with a small included script. Nothing is downloaded from external URLs or installed during skill installation. This is low risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a local sysadmin helper. There is no evidence of attempts to exfiltrate secrets or require unrelated credentials.
Persistence & Privilege
The skill metadata sets elevated: true (allowed to use sudo), which is reasonable for system maintenance. Combined with the included script that performs unconditional deletions and apt operations, this grants the skill the ability to make system-wide changes without the confirmation policy the SKILL.md claims. The skill is not marked always:true, and there is no install-time persistence, but the elevated capability plus inconsistent deletion behavior is a notable risk.
What to consider before installing
This skill is generally coherent with being a local Ubuntu sysadmin helper, but it contains a dangerous mismatch: the documentation says to always ask confirmation and only delete certain items (e.g., old /tmp files), yet scripts/cleanup.sh force-deletes /tmp/* and /var/tmp/* and runs apt autoremove without prompting. Before installing or running this skill:
- Do not run the cleanup script on production machines without review. Inspect and test it in a disposable VM first.
- Modify the script to honor the documented rules: only delete /tmp files older than N days (use find -type f -atime +7), avoid unconditional rm -rf /var/tmp/*, and require interactive confirmation before destructive steps.
- Remove or require sudo for commands that need root and avoid relying on implicit root execution; add explicit prompts and dry-run modes.
- Be aware that clearing /tmp or dropping caches can disrupt running services (remove sockets, temp state). Back up important data and ensure scheduled automation won't run the script unattended.
If you want to proceed, ask the author to reconcile the SKILL.md rules with the script, add confirmations/dry-run flags, and document exactly what will be removed and under what conditions.Like a lobster shell, security has layers — review code before you run it.
latestvk971zmtw8tsrv1hdxfm2v5d6p581xj9smaintenancevk971zmtw8tsrv1hdxfm2v5d6p581xj9ssysadminvk971zmtw8tsrv1hdxfm2v5d6p581xj9subuntuvk971zmtw8tsrv1hdxfm2v5d6p581xj9s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.