ccc3po-session-cleaner

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says by deleting old OpenClaw session files, but users should understand that the deletion is permanent and not previewed first.

Install only if you want old OpenClaw session history under /home/ubuntu/.openclaw/agents/main/sessions/ removed. Before running it, confirm that this hardcoded path is correct, that deleting .jsonl files older than three days is acceptable, and that the openclaw CLI is available to rebuild sessions.json afterward.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrase "clean sessions" is broad and can be invoked without any built-in confirmation, preview, or explicit scope restriction. Because the skill performs deletion of session files, an imprecise trigger increases the chance of accidental execution and unintended data loss, especially in routine maintenance contexts where a user may not realize destructive actions will occur.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill silently deletes files with `find . -name "*.jsonl" -mtime +3 -delete` but the description presents it as a safe cleanup operation without clearly warning that historical session data will be permanently removed. This mismatch makes accidental destructive use more likely and may cause loss of audit/history data if the operator assumes the action is harmless maintenance.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal