disk-cleaner
github.com/gccszs/disk-cleaner
Scanned Thu, 28 May 2026 17:36:37 GMT
Scan ID crawl-h3ywybdwsta8rsofnjncmaq5 · 9ms
Grade: C
Score: 55 / 100
Verdict: Proceed with caution

24 medium findings.

This skill spawns subprocesses outside its declared capabilities; 23 further issues are listed below.

0 critical · 0 high · 24 medium · 12 rules passed

Why grade C?

score · 55 / 100

The current grade reflects 24 medium findings (6+ MEDs → C).

0 CRIT · 0 HIGH · 24 MED · 0 LOW

To reach a higher grade
  • B: reach target score 75. Resolve 19 of 24 MED (cap is 5).
  • A: reach target score 95. Resolve 22 of 24 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 209 · CWE-78
207         '--json'
208     ]
209     result = subprocess.run(cmd, capture_output=True, text=True)
    ^ spawns a subprocess outside declared capabilities
210     return json.loads(result.stdout)
211
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 350 · CWE-78
348 ```python
349 import subprocess
350 result = subprocess.run(['python', '--version'], capture_output=True, text=True)
    ^ spawns a subprocess outside declared capabilities
351 # If this succeeds, you can use this skill
352 ```
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 389 · CWE-78
387 ```python
388 # ALWAYS run quick sample first for unknown disk sizes
389 result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
390     ['python', 'scripts/analyze_disk.py', '--sample', '--json'],
391     capture_output=True,
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 428 · CWE-78
426 def analyze_large_disk_safely(path, max_seconds=30):
427     """Safely analyze large disk with time limit"""
428     result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
429         ['python', 'scripts/analyze_progressive.py',
430          '--max-seconds', str(max_seconds),
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 526 · CWE-78
524     # STEP 1: Quick sample (MANDATORY - do this first!)
525     print("🔍 Quick sampling disk...")
526     sample_result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
527         [python_cmd, 'scripts/analyze_disk.py', '--sample',
528          '--path', str(disk_path), '--json'],
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 550 · CWE-78
548         # Small disk - full scan
549         print("✅ Using full scan (small disk)")
550         result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
551             [python_cmd, 'scripts/analyze_disk.py',
552              '--path', str(disk_path)],
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 563 · CWE-78
561         minutes = estimated_time / 60
562         print(f"⚠️ Using time-limited scan (~{minutes:.1f} minutes)")
563         result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
564             [python_cmd, 'scripts/analyze_disk.py',
565              '--path', str(disk_path),
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 576 · CWE-78
574         # Large disk - PROGRESSIVE MODE (MANDATORY)
575         print(f"🚨 Large disk detected! Using progressive scan (30 seconds)")
576         result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
577             [python_cmd, 'scripts/analyze_progressive.py',
578              '--path', str(disk_path),
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 669 · CWE-78
667     try:
668         # Try 'python' first (Windows, some Unix)
669         result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
670             ['python', '--version'],
671             capture_output=True,
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 682 · CWE-78
680     try:
681         # Try 'python3' (macOS, Linux)
682         result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
683             ['python3', '--version'],
684             capture_output=True,
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 847 · CWE-78
845
846     try:
847         result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
848             [python_cmd, str(check_script)],
849             capture_output=True,
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 943 · CWE-78
941     print(f"🔧 Executing: {' '.join(cmd)}")
942
943     result = subprocess.run(
    ^ spawns a subprocess outside declared capabilities
944         cmd,
945         capture_output=True,
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1027 · CWE-78
1025 ```python
1026 # Quick sample (1 second) - Get instant estimate
1027 subprocess.run(['python', 'scripts/analyze_disk.py', '--sample'])
     ^ spawns a subprocess outside declared capabilities
1028
1029 # Progressive scan (30 seconds) - Get partial results quickly
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1030 · CWE-78
1028
1029 # Progressive scan (30 seconds) - Get partial results quickly
1030 subprocess.run(['python', 'scripts/analyze_progressive.py',
     ^ spawns a subprocess outside declared capabilities
1031                 '--max-seconds', '30'])
1032
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1034 · CWE-78
1032
1033 # Limited file count (fast)
1034 subprocess.run(['python', 'scripts/analyze_disk.py',
     ^ spawns a subprocess outside declared capabilities
1035                 '--file-limit', '10000'])
1036
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1038 · CWE-78
1036
1037 # Full scan with time limit
1038 subprocess.run(['python', 'scripts/analyze_disk.py',
     ^ spawns a subprocess outside declared capabilities
1039                 '--time-limit', '120'])
1040 ```
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1064 · CWE-78
1062
1063 python_cmd = 'python' if os.name == 'nt' else 'python3'
1064 result = subprocess.run([python_cmd, '--version'], capture_output=True, text=True)
     ^ spawns a subprocess outside declared capabilities
1065 ```
1066
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1187 · CWE-78
1185     # 2. Verify Python
1186     try:
1187         result = subprocess.run(
     ^ spawns a subprocess outside declared capabilities
1188             [python_cmd, '--version'],
1189             capture_output=True,
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1250 · CWE-78
1248     # Run
1249     try:
1250         result = subprocess.run(
     ^ spawns a subprocess outside declared capabilities
1251             cmd,
1252             capture_output=True,
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1313 · CWE-78
1311 def safe_disk_analysis(disk_path):
1312     # Step 1: ALWAYS sample first
1313     sample = subprocess.run(
     ^ spawns a subprocess outside declared capabilities
1314         ['python', 'scripts/analyze_disk.py', '--sample', '--json'],
1315         capture_output=True,
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1331 · CWE-78
1329     if estimate < 30:
1330         # Full scan
1331         return subprocess.run(['python', 'scripts/analyze_disk.py'])
     ^ spawns a subprocess outside declared capabilities
1332     elif estimate < 120:
1333         # Time limited
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1334 · CWE-78
1332     elif estimate < 120:
1333         # Time limited
1334         return subprocess.run(['python', 'scripts/analyze_disk.py', '--time-limit', '60'])
     ^ spawns a subprocess outside declared capabilities
1335     else:
1336         # Progressive (MANDATORY for large disks)
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 1337 · CWE-78
1335     else:
1336         # Progressive (MANDATORY for large disks)
1337         return subprocess.run(['python', 'scripts/analyze_progressive.py', '--max-seconds', '30'])
     ^ spawns a subprocess outside declared capabilities
1338 ```
1339
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
skillox.io/r/crawl-h3ywybdwsta8rsofnjncmaq5