ClawHub

Swarm Janitor

v0.1.0

Enterprise-grade OpenClaw skill for cleaning up orphaned subagent processes, archiving transcripts to SuperMemory, and freeing disk space without losing work. Features dry-run mode, configurable retention policies, and comprehensive safety checks.

2· 1.2k·2 current·3 all-time
by@lvcidpsyche
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's functionality (scanning ~/.openclaw/agents/... sessions, archiving to SuperMemory, and deleting orphaned sessions) is coherent with its name and description. However the SKILL.md repeatedly instructs running python3 scripts/swarm_janitor.py and other local scripts which are not present in the package (no scripts/ directory or code files included). That mismatch is a major coherence problem: the README assumes code that isn't bundled. The skill also references writing logs to /var/log and archiving destinations (local, s3, supermemory) that would require additional configuration/dependencies not declared.
!
Instruction Scope
The instructions instruct the agent/user to scan and remove files under ~/.openclaw/agents/main/sessions/, archive transcripts to SuperMemory, and optionally run cron jobs that write to /var/log. Those are powerful file-system operations and deletions. The SKILL.md also documents a SUPERMEMORY_API_KEY variable in config comments but the skill metadata does not declare or require that env var. Importantly, the instructions assume the existence of scripts that aren't provided—so the declared runtime behavior is unsupported by the packaged content. The instructions are specific enough to cause destructive actions (e.g., --clean --force) if the missing implementation were present.
Install Mechanism
There is no install spec and the skill is instruction-only, which reduces installation risk (nothing will be automatically downloaded or executed by the platform). However, because the SKILL.md tells users to copy files to ~/.openclaw and to run python scripts that aren't included, this points to incomplete packaging (the actual implementation may be expected to come from the referenced GitHub repo). You should not run the described commands until you obtain and inspect the real script sources from a trustworthy repository.
!
Credentials
Registry metadata declares no required environment variables, but references/config.yaml explicitly documents SUPERMEMORY_API_KEY and notes it is required for SuperMemory archival. The skill will need filesystem write access to ~/.openclaw paths and possibly /var/log for cron examples; those privileges are not declared. The omission of SUPERMEMORY_API_KEY and any S3 credentials (if S3 destination used) is a proportionality/information gap that could lead users to provide sensitive credentials without clear disclosure in metadata.
Persistence & Privilege
The skill does not request always: true and uses default autonomous-invocation settings (normal). It doesn't attempt to modify other skills or system-wide agent settings in the provided instructions. However, its recommended cron usage and writing to /var/log imply persistent scheduled invocation and possible need for elevated permissions; combine that operational persistence with the other concerns before enabling automated runs.
What to consider before installing
Do not run the shell/python commands shown in SKILL.md until you have the actual implementation to inspect. Specific steps to take before installing or enabling automation: - Verify origin: visit the claimed homepage (https://github.com/openclawdad/swarm-janitor) and confirm the repository contains the scripts (scripts/swarm_janitor.py) and matches the SKILL.md. - Inspect the code: review the actual Python scripts for exactly how they detect processes, determine 'orphaned' sessions, and delete files. Look for any network calls, unexpected endpoints, or credential exfiltration. - Confirm env and creds: SUPERMEMORY_API_KEY (and any S3 or other credentials) are referenced in config.yaml but not declared; understand where and how those values are used before supplying them. - Test safely: run any discovered script in a safe test environment or a copy of your sessions directory with dry-run enabled. Do not run --clean --force on production until you’ve confirmed behavior. - Check permissions: cron example writes to /var/log and may require root or elevated permissions; consider running under a restricted account and ensure proper backups exist. - If you cannot find the implementation repo or the scripts referenced, treat the package as incomplete/untrustworthy and do not enable automated deletions. Because the package is missing the executable scripts and has undeclared env and path implications, proceed cautiously; the inconsistencies could be benign (incomplete packaging) but could also hide risky operations if the missing code is later obtained from an untrusted source.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e5vvytavbty3gg5gp4qx8mh80nb84

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧹 Clawdis
Binspython3

Comments