Scan Report
5 /100
workspace-trash
Soft-delete protection for workspace files — intercept file deletions and move them to a recoverable trash instead of permanent removal.
A straightforward workspace soft-delete utility with clear documentation, well-defined scope boundaries, and sound defensive practices against path traversal and code injection.
Safe to install
No action needed. This skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares file write access under ~/.openclaw/; trash.sh moves/copies fi… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md declares 'mv', 'cp', 'rm', 'find'; all used appropriately for trash ope… |
| Environment | NONE | READ | ✓ Aligned | Reads OPENCLAW_HOME and OPENCLAW_WORKSPACE from env; documented in SKILL.md; not… |
| Network | NONE | NONE | — | No network operations found |
| Skill Invoke | NONE | NONE | — | No skill invocation chains |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
File Tree
2 files · 13.4 KB · 340 lines Shell 1f · 270L
Markdown 1f · 70L
├─
▾
scripts
│ └─
trash.sh
Shell
└─
SKILL.md
Markdown
Security Positives
✓ No base64-encoded or obfuscated code anywhere in the implementation
✓ No network requests, external IPs, or data exfiltration observed
✓ No credential harvesting or sensitive file access (~/.ssh, ~/.aws, .env, etc.)
✓ No external script downloads or curl|bash patterns
✓ No reverse shell, C2, or arbitrary code execution vectors
✓ All declared capabilities match actual usage — no doc-to-code mismatch
✓ Strong path traversal defense: symlinks are resolved before scope check (resolve_path + pwd -P)
✓ Injection prevention: all user data passed to Node.js via process.env, never string interpolation into node -e
✓ Flag safety: all mv/cp/rm calls use '--' separators to prevent filenames starting with '-'
✓ Scope lock restricts all operations to $OPENCLAW_HOME (~/.openclaw/) with explicit refusal of out-of-scope paths
✓ Manifest updates use atomic read-then-write pattern on a JSON file
✓ Cross-filesystem fallback (cp+rm) is a known and documented edge case, not hidden behavior
✓ The 'empty' action's rm -rf is clearly documented as irreversible and requires user confirmation
✓ No malicious dependencies; only Node.js built-ins (fs, path, child_process) are used
✓ No supply chain risks: no package.json/requirements.txt, only POSIX utilities and Node.js built-ins