ClawHub

OpenClaw Session Log Forensics

v0.2.0

Analyze OpenClaw session JSONL history for cost spikes, tool-call anomalies, and behavior regressions with jq + rg.

0· 42·0 current·0 all-time
byDaniel Sinewe@danielsinewe·fork of @guogang1024/session-logs (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask for JSONL session forensics and the skill only requires jq and rg and points to the OpenClaw session path — these binaries and the file paths are appropriate and proportional to the stated task.
Instruction Scope
SKILL.md contains concrete shell commands that only read and parse session JSONL files under ~/.openclaw/agents/<agentId>/sessions/ to compute costs, tool-call counts, and regressions. The instructions reference the agentId from the runtime/system prompt, which is reasonable for locating the correct session directory. There are no instructions to exfiltrate data or call external endpoints.
Install Mechanism
No install specification (instruction-only skill). This is lower-risk — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, secrets, or external credentials. It accesses a local path containing session logs, which is consistent with the forensic purpose.
Persistence & Privilege
Skill is not always-enabled and uses default autonomous invocation settings. It does not request elevated persistence or modify other skills or system-wide settings.
Assessment
This skill appears coherent and performs only local log parsing. Before installing: (1) confirm jq and rg are installed and up-to-date; (2) verify the ~/.openclaw/agents/<agentId>/sessions/ path and agentId are correct; (3) be aware the commands will read all session logs (may contain sensitive or PII data) — only use with agents/users you trust; (4) if you want stricter control, run the recommended commands manually first to inspect outputs and then permit the skill to run them. If you need the skill not to run autonomously, restrict agent invocation policies even though always:false by default.

Like a lobster shell, security has layers — review code before you run it.

cost-analysisvk97cgny3694k8s49zkfwewr71d84a8hmdebuggingvk97cgny3694k8s49zkfwewr71d84a8hmforensicsvk97cgny3694k8s49zkfwewr71d84a8hmjqvk97cgny3694k8s49zkfwewr71d84a8hmlatestvk97cgny3694k8s49zkfwewr71d84a8hmlogsvk97cgny3694k8s49zkfwewr71d84a8hmobservabilityvk97cgny3694k8s49zkfwewr71d84a8hmopenclawvk97cgny3694k8s49zkfwewr71d84a8hmrgvk97cgny3694k8s49zkfwewr71d84a8hm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📜 Clawdis
Binsjq, rg

Comments