ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

c3po-session-cleaner

v1.0.5

Clean up old OpenClaw session files and keep only active sessions

0· 53·0 current·0 all-time
byc-3po@ccc-3po
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the SKILL.md: it deletes .jsonl session files older than 3 days in the OpenClaw main agent session directory. The request is proportionate (no extra credentials or unrelated binaries). The instructions hard-code /home/ubuntu/.openclaw..., which makes the skill specific to that user/path and may not work correctly on other systems.
!
Instruction Scope
The instructions run destructive shell commands (cd to the path, then find . -name "*.jsonl" -mtime +3 -delete) with errors suppressed. There are no existence checks, no dry-run, and no safeguards: if the cd fails or the target directory is a symlink, the find -delete could run in an unexpected working directory and remove files outside the intended scope. Suppressing stderr (2>/dev/null) hides failures that would warn the user.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. The only runtime action is executing Bash commands from SKILL.md.
Credentials
The skill requests no environment variables, credentials, or config paths — nothing disproportionate for the stated task.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. Autonomous invocation is allowed by default; because the skill performs destructive filesystem operations, allowing autonomous runs increases potential impact and warrants extra safeguards (confirmation, dry-run).
What to consider before installing
This skill will run shell commands that delete files. Don't install or enable it unless you trust the exact path and want automatic deletions. If you proceed, request a safer SKILL.md: check the directory exists first (test -d), use an absolute path with find (e.g., find /home/ubuntu/.openclaw/agents/main/sessions -maxdepth 1 -name "*.jsonl" -mtime +3 -print), perform a dry-run (-print) before -delete, avoid suppressing errors, and avoid relying on cd so a failed cd can't cause deletions elsewhere. Also consider requiring an explicit confirmation or making autonomous invocation disallowed until reviewed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d2eqse6h4jf8jkm3xzwyv75849dcz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments