ClawHub

Session Logs Forensics

v1.0.0

Analyze OpenClaw session JSONL history for cost spikes, tool-call anomalies, and behavior regressions with jq + rg.

0· 76·0 current·0 all-time
byDaniel Sinewe@danielsinewe·duplicate of @danielsinewe/openclaw-session-log-forensics·canonical: @guogang1024/session-logs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the required binaries (jq, rg) and the runtime instructions. The skill legitimately needs access to session JSONL files and uses jq/rg to analyze them; nothing requested is disproportionate to the stated forensics task.
Instruction Scope
Instructions explicitly tell the agent to read session files under ~/.openclaw/agents/<agentId>/sessions/ and run shell pipelines with jq/rg to compute costs, tool-call counts, and regressions. This is appropriate for forensic analysis, but it does mean the skill will read complete conversation history (sensitive data). There are no network exfiltration steps or references to other system credentials, but operator caution is warranted because it processes sensitive transcripts.
Install Mechanism
Instruction-only skill with no install spec and no downloads. Lowest-risk install profile; it assumes jq and rg are present on PATH, which matches the declared requirements.
Credentials
No environment variables, credentials, or config paths are requested beyond reading session files in the user's OpenClaw data directory. That file access is necessary for the described task and proportionate to the skill's purpose.
Persistence & Privilege
always is false, and the skill does not request any persistent system-wide changes or modification of other skills' configs. Autonomous invocation is allowed by default but not combined with other concerning privileges.
Assessment
This skill appears coherent and does what it claims: local forensic queries over OpenClaw session JSONL files using jq and rg. Before installing or running it, confirm you trust the operator invoking it because the skill reads full conversation history (sensitive content). Ensure you run it locally (no network steps are included), verify the agentId you supply to avoid scanning other agents, and confirm jq and rg on your system are the expected binaries (to avoid a malicious replacement). If you need stricter controls, run the commands manually or review the SKILL.md snippets before allowing autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

cost-analysisvk97evt29akmyw267ftt8hv9x9x84kk4rforensicsvk97evt29akmyw267ftt8hv9x9x84kk4rincident-responsevk97evt29akmyw267ftt8hv9x9x84kk4rlatestvk97evt29akmyw267ftt8hv9x9x84kk4ropenclawvk97evt29akmyw267ftt8hv9x9x84kk4ropsvk97evt29akmyw267ftt8hv9x9x84kk4rsession-logsvk97evt29akmyw267ftt8hv9x9x84kk4rtoolingvk97evt29akmyw267ftt8hv9x9x84kk4r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📜 Clawdis
Binsjq, rg

Comments