by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's code and instructions mostly match a disk-cleanup tool, but the shipped script performs broad destructive operations requiring elevated privileges and the provided file listing/content is truncated so the full behavior could not be verified.
评估建议
This skill appears to be a legitimate disk-cleanup utility, but it performs many destructive operations and needs sudo for system-level cleanup. Before installing or running it: 1) Don't run with --yes initially — always run bash scripts/cleanup.sh --dry-run and inspect the results. 2) Review the full scripts/cleanup.sh file yourself (the provided manifest/content was truncated in the review, so confirm the missing tail of the script before trusting it). 3) Back up important data or test in a di...详细分析 ▾
✓ 用途与能力
The name, description, SKILL.md and the visible portion of scripts/cleanup.sh align: they scan and remove trash, caches, temp files, package manager caches, journal logs, snap revisions, Homebrew/Xcode artifacts, Docker, etc. The targets the skill touches are consistent with a disk-cleanup utility.
ℹ 指令范围
SKILL.md instructs users to run the included shell script and documents dry-run and skip flags. The script performs many file-system and package-manager operations (rm -rf, apt clean, brew cleanup, journalctl vacuum, snap remove, sudo find -delete, Docker prunes, etc.). That behavior is in-scope for a cleanup tool, but it's inherently destructive and requires careful review before use. SKILL.md claims 'no dependencies beyond bash and awk' — the script conditionally invokes many external tools (pip, go, brew, apt, snap, docker, journalctl) but checks for their presence; this is reasonable but the claim may be misleading to less-technical users.
✓ 安装机制
No install spec — instruction-only with an included script. Nothing is being downloaded or installed by the skill itself, which limits supply-chain risk.
ℹ 凭证需求
No environment variables or external credentials are requested. However, the script invokes sudo for many actions on Linux and runs privileged package-manager and file-deletion commands. Requesting elevated privileges is proportionate to cleaning system-level caches, but it increases risk and requires user caution.
✓ 持久化与权限
The skill is not marked always:true and does not request persistent system-wide configuration. It does not declare autonomous-execution restrictions (default behavior), which is expected for skills. There is no evidence it modifies other skills or agent configuration.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/5
Initial release: cross-platform (macOS + Linux) disk cleanup — trash, caches, tmp, old kernels, snap, Homebrew, Xcode, Docker
● 无害
安装命令
点击复制官方npx clawhub@latest install storage-cleanup
镜像加速npx clawhub@latest install storage-cleanup --registry https://cn.longxiaskill.com