Skill v1.0.0

ClawScan security

sessions-manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 9, 2026, 2:25 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and requested resources are consistent with its stated purpose of listing and deleting local OpenClaw session metadata/history; it performs only local file reads/writes under ~/.openclaw and does not request credentials or network access.
Guidance
This skill is coherent and appears to do only what it claims: list sessions and delete session metadata/history under ~/.openclaw. Before installing or running: (1) review and keep a backup of ~/.openclaw/agents/main/sessions/sessions.json if you care about session history, since delete will permanently remove entries and files; (2) run the list command first to confirm which session will be deleted; (3) because the script runs as your user, avoid running it as root to reduce risk; (4) if you don't trust the unknown publisher, inspect the included scripts (they're small and present) rather than executing them blindly. If the skill later requested network access or additional credentials, or if its instructions changed to read other system paths, reassess (that would raise the risk).

Review Dimensions

Purpose & Capability
ok: Name/description match the included CLI tool and its behavior: reading sessions.json and optionally deleting the matching .jsonl history files under ~/.openclaw. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
ok: SKILL.md explicitly instructs running the included Python script and references the same ~/.openclaw session paths that the script uses. The instructions do not ask the agent to read unrelated files, environment variables, or to transmit data externally.
Install Mechanism
ok: No install spec is provided (instruction-only). The skill includes a small Python script; there are no downloads, package installs, or archive extraction steps.
Credentials
ok: The skill requests no environment variables, credentials, or external configuration. File access is limited to the local ~/.openclaw sessions directory, which is appropriate for a session-management utility.
Persistence & Privilege
ok: The skill is not marked always:true and does not modify other skills or global agent settings. It performs local file deletions only (sessions.json and the matching .jsonl history file), which aligns with its purpose.