← 返回 Skills 市场
openclaw-cleaner
作者
computersniper
· GitHub ↗
· v1.0.0
· MIT-0
318
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-cleaner
功能描述
OpenClaw清理大师 - 项目目录清理与优化工具。提供快照、Diff、检查点、任务进度等能力,AI 可直接调用自动执行。
安全使用建议
This skill appears to be a coherent project cleaner but gives an agent wide ability to read all files in your workspace, record file contents into snapshots, and perform deletions without requiring user confirmation. Before installing: 1) Do not run on a workspace that contains secrets or sensitive production data; test in an isolated repo or VM. 2) Inspect the full SKILL.md code yourself (or have someone you trust review it) to confirm what 'remove' operations do and whether there are safeguards. 3) Require manual confirmation for destructive actions — do not allow autonomous invocation to delete files. 4) Backup important data outside the project (separate storage) before use. 5) Consider restricting the skill's runtime permissions or path scope so it cannot traverse outside an allowed directory. If you need safer defaults, ask the author to add explicit confirmation prompts and scope limits (e.g., whitelist directories, skip files with sensitive extensions).
功能分析
Type: OpenClaw Skill
Name: openclaw-cleaner
Version: 1.0.0
The skill performs high-risk file system operations by reading the full content of all workspace files into local JSON snapshots, which may inadvertently include sensitive data like credentials or .env files not covered by its hardcoded ignore list (SKILL.md). It specifically targets and modifies core OpenClaw 'Soul' files (e.g., MEMORY.md, USER.md, SOUL.md) that contain the agent's identity and user history. While no evidence of data exfiltration was found, the broad read/write permissions combined with instructions for the AI to execute these actions without user confirmation creates a significant security and privacy risk.
能力评估
Purpose & Capability
The name/description (project cleaner: snapshots, diff, checkpoints, optimize) match the instructions and the embedded JavaScript implementation: it scans the workspace, records file contents and hashes, writes snapshots under .cleaner-backups, and exposes compare/restore/remove-like operations. That capability set is consistent with a cleaner tool, but the implementation is broad (reads file contents and writes backups) and examples reference removing skills ('skills.remove'), which may have wide effects depending on the agent runtime.
Instruction Scope
SKILL.md contains runtime instructions plus a full JS implementation that recursively reads most files in the workspace (reading file contents, computing hashes), creates snapshots containing file content, and exposes operations that perform deletions/changes. The header explicitly says 'AI 可在执行任务时直接调用,无需用户确认' (AI may call directly without user confirmation). Reading and persisting full file contents and allowing deletion without confirmation grants broad access to potentially sensitive files (.env, keys, credentials) and can cause irreversible changes if invoked autonomously.
Install Mechanism
No install spec and no code files outside SKILL.md — the skill is instruction-only. That lowers supply-chain risk because nothing external is downloaded or executed during install. However, the SKILL.md itself contains executable code the agent is expected to use at runtime.
Credentials
The skill requests no environment variables or credentials (proportionate). However, it performs filesystem access across the workspace and stores file contents in snapshot files under .cleaner-backups. Even though no external credentials are requested, the file I/O behavior can expose local secrets stored in the workspace — this is a privacy/privilege concern even without env credentials.
Persistence & Privilege
The skill does not set always:true (good) but the SKILL.md explicitly permits autonomous AI invocation without user confirmation and provides code that deletes/changes files. Autonomous invocation combined with delete/write capability increases risk. The skill writes its backups under the project ('.cleaner-backups') which is reasonable scope, but there is no mechanism described to require explicit user consent prior to destructive actions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-cleaner - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-cleaner触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
A cleaning software toolbox for Openclaw
元数据
常见问题
openclaw-cleaner 是什么?
OpenClaw清理大师 - 项目目录清理与优化工具。提供快照、Diff、检查点、任务进度等能力,AI 可直接调用自动执行。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 318 次。
如何安装 openclaw-cleaner?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-cleaner」即可一键安装,无需额外配置。
openclaw-cleaner 是免费的吗?
是的,openclaw-cleaner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
openclaw-cleaner 支持哪些平台?
openclaw-cleaner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 openclaw-cleaner?
由 computersniper(@computersniper)开发并维护,当前版本 v1.0.0。
推荐 Skills