Session Logs Forensics

Security checks across malware telemetry and agentic risk

Overview

This is a local session-log forensics helper that reads OpenClaw conversation history as advertised and does not install code, persist, modify data, or send data elsewhere.

Install only if you are comfortable allowing an agent to read local OpenClaw session transcripts. Use specific agent IDs, dates, keywords, or session IDs where possible, and avoid sharing raw transcript extracts unless you have reviewed them for secrets or personal information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly directs operators to search complete session histories under ~/.openclaw/agents/<agentId>/sessions/ and extract user/assistant content, but provides no privacy warning, access constraints, or data-minimization guidance. Because these logs can contain full conversation transcripts, tool outputs, and potentially secrets or personal data, routine use of the documented commands can expose sensitive information beyond what is necessary for the user’s immediate request.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal