Skill v1.0.1
ClawScan security
openclaw-session-cleaner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 4, 2026, 6:51 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (cleaning OpenClaw session files) aligns with its instructions, but the runtime instructions perform shell operations on a hard-coded user filesystem path and imply destructive actions (deleting/rebuilding session files) with no safeguards or confirmation — this is coherent but risky and warrants manual review before use.
- Guidance: This skill runs shell commands against a user filesystem path and (by description) will delete/rebuild session files. Before installing or running it: 1) Inspect the entire SKILL.md to confirm exact delete/replace commands and whether there are safeguards. 2) Verify the target path (/home/ubuntu/.openclaw/...) is correct for your system — the path is hard-coded and may not match your environment. 3) Require a dry-run mode or add explicit confirmations and backups (copy sessions.json and session files elsewhere) before any delete/overwrite. 4) Run the commands manually in a safe test environment first or run as a non-privileged user to confirm behavior. 5) If you don't have the skills to audit shell commands, avoid installing this skill or ask the author to provide non-destructive, parameterized instructions and a safety review.
Review Dimensions
- Purpose & Capability (note): Name/description describe cleaning OpenClaw session files; the SKILL.md explicitly runs shell commands in the OpenClaw sessions directory (/home/ubuntu/.openclaw/agents/main/sessions/), which is consistent with the purpose. However, the path is hard-coded to /home/ubuntu (not parametrized), which makes the skill brittle and possibly mis-targeted on systems with a different user layout.
- Instruction Scope (concern): The instructions invoke Bash and change into a specific user directory to inspect and (per the description) delete/rebuild session files. The fragment shown already cd's into /home/ubuntu/.openclaw/... and lists/remembers sessions.json size. The skill promises an "automatic execution flow" and claims "安全无风险" (safe/no-risk) despite implying file-deletion and replacement operations. There are no shown safeguards (dry-run, confirmation, backups, whitelists), no checks for correct user/agent context, and the hard-coded path could cause the agent to act on the wrong account if run with different permissions.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — lowest install risk (nothing is written to disk by an installer).
- Credentials (ok): The skill declares no required environment variables or credentials, which is appropriate for a local filesystem-cleaning helper. There are no extra credentials requested.
- Persistence & Privilege (ok): always:false and model-invocation not disabled (defaults). The skill is user-invocable and not force-installed; no device-wide or cross-skill configuration changes are declared.
