OpenClaw Session Logs

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only guide for searching your local OpenClaw conversation history, with privacy risk that is disclosed and central to its purpose.

Install this only if you want an agent to search your local OpenClaw conversation history. Ask for specific dates, sessions, or keywords where possible, and avoid pasting or returning secrets or sensitive personal details from old chats unless you explicitly need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly instructs the agent to search a user's complete historical session logs and presents broad grep/jq recipes over all sessions without privacy guardrails, consent checks, or minimization guidance. Because prior conversations can contain sensitive personal data, secrets, or unrelated contextual information, this creates a real risk of unnecessary disclosure when a user asks about past chats.

Ssd 3

Medium
Confidence: 92%
Finding
The skill normalizes searching across complete prior conversation logs and even includes commands to scan all session files for phrases, which can surface sensitive data from unrelated older sessions. In context, this is more dangerous because the data source is a long-lived transcript store that may aggregate personal information, credentials, or confidential tool outputs across many conversations.

VirusTotal

65/65 vendors flagged this skill as clean.
