Security audit
Sess
Security checks across malware telemetry and agentic risk
Overview
The plugin's code, README, and declared configuration are coherent with its stated purpose of managing session snapshots; no unexpected credentials, downloads, or unrelated capabilities were requested—but note a packaging/metadata mismatch worth checking before install.
This plugin appears to do exactly what it says: take and manage named session snapshots saved to the agent's sessions directory. Before installing, consider the following: - Install from ClawHub or npm (openclaw plugins install sess or openclaw plugins install @detain/openclaw-sess) rather than copying files manually to ensure integrity. The package includes source TypeScript and plugin metadata—the registry note claiming "instruction-only" is inconsistent with the files included and should be treated as a packaging metadata issue, not an immediate security flag. - Review and set plugin config carefully: - storageDir: confirm where snapshots will be written (defaults to <agentDir>/sessions). Ensure the directory is on a filesystem and with permissions you trust. - httpRoutes: disable (false) if you don't need /sess/* HTTP endpoints exposed on the gateway; enabling them requires gateway auth, so only expose if you trust gateway tokens and network boundaries. - exposeTool: set to false if you do not want the model to be able to call sess_manage autonomously (prevents the agent from modifying snapshots itself). - autoSave: opt-in only; when enabled the plugin will write snapshots after every turn. - The plugin enforces 0600 file permissions and 0700 directory mode and uses atomic tmp→rename writes; still verify that your host's umask/filesystem won't make snapshot data world-readable. - If you operate in a multi-tenant or shared environment, treat snapshots as potentially sensitive conversation data and restrict access accordingly. - If you want extra assurance, review the full src/routes.ts and src/gateway.ts to confirm HTTP/gateway handlers enforce authentication and never leak snapshots to unauthenticated callers. If you'd like, I can scan the omitted source files (routes/gateway/service) for specific auth checks and any unexpected external endpoints or network calls.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
