Back to plugin

Security audit

Sess

Security checks across malware telemetry and agentic risk

Overview

The plugin's code, README, and declared configuration are coherent with its stated purpose of managing session snapshots; no unexpected credentials, downloads, or unrelated capabilities were requested—but note a packaging/metadata mismatch worth checking before install.

This plugin appears to do exactly what it says: take and manage named session snapshots saved to the agent's sessions directory. Before installing, consider the following: - Install from ClawHub or npm (openclaw plugins install sess or openclaw plugins install @detain/openclaw-sess) rather than copying files manually to ensure integrity. The package includes source TypeScript and plugin metadata—the registry note claiming "instruction-only" is inconsistent with the files included and should be treated as a packaging metadata issue, not an immediate security flag. - Review and set plugin config carefully: - storageDir: confirm where snapshots will be written (defaults to <agentDir>/sessions). Ensure the directory is on a filesystem and with permissions you trust. - httpRoutes: disable (false) if you don't need /sess/* HTTP endpoints exposed on the gateway; enabling them requires gateway auth, so only expose if you trust gateway tokens and network boundaries. - exposeTool: set to false if you do not want the model to be able to call sess_manage autonomously (prevents the agent from modifying snapshots itself). - autoSave: opt-in only; when enabled the plugin will write snapshots after every turn. - The plugin enforces 0600 file permissions and 0700 directory mode and uses atomic tmp→rename writes; still verify that your host's umask/filesystem won't make snapshot data world-readable. - If you operate in a multi-tenant or shared environment, treat snapshots as potentially sensitive conversation data and restrict access accordingly. - If you want extra assurance, review the full src/routes.ts and src/gateway.ts to confirm HTTP/gateway handlers enforce authentication and never leak snapshots to unauthenticated callers. If you'd like, I can scan the omitted source files (routes/gateway/service) for specific auth checks and any unexpected external endpoints or network calls.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.