Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-session-cleaner

v1.0.1

OpenClaw session cleanup assistant: automatically cleans up old session files, rebuilds sessions.json, and resolves file bloat

byc-3po@ccc-3po
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description describe cleaning OpenClaw session files; the SKILL.md explicitly runs shell commands in the OpenClaw sessions directory (/home/ubuntu/.openclaw/agents/main/sessions/), which is consistent with the purpose. However, the path is hard-coded to /home/ubuntu (not parametrized), which makes the skill brittle and possibly mis-targeted on systems with a different user layout.
Instruction Scope
The instructions invoke Bash and change into a specific user directory to inspect and (per the description) delete/rebuild session files. The fragment shown already cd's into /home/ubuntu/.openclaw/... and lists/remembers sessions.json size. The skill promises an "automatic execution flow" and claims "安全无风险" (safe/no-risk) despite implying file-deletion and replacement operations. There are no shown safeguards (dry-run, confirmation, backups, whitelists), no checks for correct user/agent context, and the hard-coded path could cause the agent to act on the wrong account if run with different permissions.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk (nothing is written to disk by an installer).
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a local filesystem-cleaning helper. There are no extra credentials requested.
Persistence & Privilege
always:false and model-invocation not disabled (defaults). The skill is user-invocable and not force-installed; no device-wide or cross-skill configuration changes are declared.
What to consider before installing
This skill runs shell commands against a user filesystem path and (by description) will delete/rebuild session files. Before installing or running it:
1) Inspect the entire SKILL.md to confirm exact delete/replace commands and whether there are safeguards.
2) Verify the target path (/home/ubuntu/.openclaw/...) is correct for your system — the path is hard-coded and may not match your environment.
3) Require a dry-run mode or add explicit confirmations and backups (copy sessions.json and session files elsewhere) before any delete/overwrite.
4) Run the commands manually in a safe test environment first or run as a non-privileged user to confirm behavior.
5) If you don't have the skills to audit shell commands, avoid installing this skill or ask the author to provide non-destructive, parameterized instructions and a safety review.

Like a lobster shell, security has layers — review code before you run it.
