Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Session Archive Manager
v1.0.0 Intelligently manages OpenClaw session files: trims oversized sessions, generates smart summaries, archives old sessions, and frees disk space. Use cases: session files have grown too large, disk space needs to be freed, old session records need tidying, automatic periodic archiving. Triggered when the user mentions "archive session", "trim session", "clean up session space", "tidy old sessions", "session too large", "run session...
by @delgyd
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's stated purpose (manage/trim/archive OpenClaw session files) aligns with the provided scripts, but the implementation hardcodes system paths under /root (e.g. /root/.openclaw/agents/main/sessions and /root/.openclaw/workspace) rather than using the SKILL.md-recommended ~/ paths or exported environment variables. That mismatch means the scripts will operate on root-owned locations by default, which is unexpected given the SKILL.md instructions and is disproportionate if a user expects them to only touch their local agent session dir.
Instruction Scope
SKILL.md instructs users to run scripts from ~/.agents/skills/session-archive-manager and suggests configurable env variables (SESSION_DIR, ARCHIVE_DIR, SUMMARY_DIR). In contrast, the scripts ignore those env vars and use hardcoded /root paths and different script locations (e.g. /root/.openclaw/workspace/archive_sessions.sh). setup_cron.sh and trim_and_archive.sh reference paths that don't match the repository layout. This inconsistency can cause scripts to fail or to act on unintended directories (including deleting files).
Install Mechanism
No install spec or external downloads are used — it's an instruction-only skill with local shell/Python scripts. There are no network fetches or archive extraction steps in the repository, which keeps install risk low. However, running the included scripts writes to disk and modifies crontab (see persistence_privilege).
Credentials
The skill declares no required env vars, but SKILL.md suggests optional ones. The scripts do not read those env vars; instead they use hardcoded directories. The scripts manipulate and delete files (archive, gzip, rm) under /root/.openclaw and will remove files older than the configured thresholds. This behavior is broadly consistent with archiving, but because the user-provided env overrides are ignored, the defaults are surprising and potentially dangerous.
Persistence & Privilege
setup_cron.sh modifies the user's crontab to schedule the archive script; trim/setup will therefore create a persistent scheduled task. The cron job points at /root/.openclaw/workspace/archive_sessions.sh (and logs to /root/.openclaw/workspace/archive_sessions.log), which combined with the hardcoded /root directories could result in hourly autonomous runs affecting root-owned files. Adding a cron job is a significant persistence action and should be done only after confirming paths and running as the intended user.
What to consider before installing
This skill does perform the claimed tasks (trimming, summarizing, archiving), but before installing or running it you should:
1) Inspect and edit all hardcoded paths (SESSIONS_DIR, ARCHIVE_DIR, SUMMARY_DIR, any /root/.openclaw/workspace references) to match your environment — do NOT run as root unless you intentionally want to affect /root.
2) Confirm the cron job path in setup_cron.sh points at the script you intend to schedule (the repo scripts live in scripts/, but cron references /root/.openclaw/workspace), and only add the cron job after verifying the command and log file locations.
3) Back up your sessions directory first and test the scripts on a small sample in dry-run mode.
4) Consider making the scripts honor exported env vars (SESSION_DIR, etc.) rather than hardcoded defaults.
5) If you are uncomfortable editing scripts, avoid running setup_cron.sh and run the trimming scripts manually while you verify their behavior.
The current inconsistencies could lead to accidental deletion of files if the scripts run against the wrong directory.
Latest version: vk97ftrrvexdgf9351vvf5afbt983rbeb
