Safety Report

Workspace Cleaner

Name: Workspace Cleaner
Author: brandonwise

Automates safe cleanup of OpenClaw workspaces by previewing and moving temp files, logs, duplicates, and cruft to the system trash with customizable filtering.

410Downloads

2Installs

0Stars

1Versions

Workflow Automation3,323 File Management2,100 Browser Automation1,737 Legal & Compliance738

Security Analysis

high confidence

Clean0.08 risk

The skill's code and instructions are coherent with its stated purpose (safe workspace cleanup); there are no secret requests or remote endpoints and nothing that obviously exceeds the cleanup purpose.

Feb 15, 20264 files2 concerns

Purpose & Capabilityok

The name/description match the included script and config. The script finds temp files, images, node_modules, venvs, and duplicate repos (via local git remotes) and moves them to trash. Required tools (python, trash/trash-cli, git) align with its behavior.

Instruction Scopenote

SKILL.md instructs running the bundled script with preview/execute and documents configuration and patterns. Minor inconsistencies: the script will default the workspace to $CLAWD_WORKSPACE or ~/clawd if not provided, but SKILL.md does not document the CLAWD_WORKSPACE env var. Also SKILL.md includes examples (cron, pre-commit, HEARTBEAT) that, if used with --execute without review, could cause automated deletions — the behavior is expected but operators should be careful when wiring it into automated jobs.

Install Mechanismok

There is no install spec — this is an instruction-only skill with a shipped Python script and config. Nothing is downloaded or installed by the registry entry itself.

Credentialsnote

The skill declares no required credentials or env vars, and the script does not request secrets. It does read $CLAWD_WORKSPACE (undocumented in SKILL.md) to choose a default workspace and invokes local commands (git, trash). No network endpoints or external credentials are used.

Persistence & Privilegeok

always is false and the skill does not request persistent privileges or modify other skills. It can be invoked autonomously by the agent (default behavior) but that is expected for user-invocable tools and not inherently elevated.

Guidance

This skill appears to do what it says, but review before enabling automation: 1) Run a dry-run (no --execute) and inspect the JSON output to confirm targets. 2) Check config/patterns.json and references/safe-defaults.md to ensure your important files/dirs are in protected_files/protected_dirs. 3) Note the script defaults to $CLAWD_WORKSPACE or ~/clawd if you don't pass --workspace — set the workspace explicitly if different. 4) The script calls local git and trash utilities (git remote get-url, trash/trash-put); ensure these are present and behave as you expect. 5) Avoid copying the provided cron/pre-commit examples verbatim with --execute; test thoroughly before scheduling automatic deletes. 6) If you want stronger safety, add additional protected paths or require manual review before any automated run.

Latest Release

v1.0.0

Initial release

More by @brandonwise

Humanizer

15 stars

Secure Auth Patterns

0 stars

Secrets Management

0 stars

Threat Modeling Expert

0 stars

SQL Injection Testing

0 stars

API Security Best Practices

0 stars

Published by @brandonwise on ClawHub