Session Init
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only session initializer is coherent, but it asks the agent to print private memory/profile files and includes misleading completion claims.
Install only if you intentionally want a manual checklist that can display memory, persona, skill, and MCP inventory data in the chat. Consider narrowing the trigger phrase, adding confirmation before file reads, redacting sensitive memory, and fixing the misleading “fully read” claims.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private memory or user-history notes could be revealed in the chat and reused as context even if they contain outdated, sensitive, or poisoned instructions.
The skill requires recent cross-session memory to be read and pasted into the current session, which can expose sensitive persistent context and make prior stored content influential.
执行:cat memory/*.md | tail -n 200 ... 输出:贴出最近 200 行记忆内容
Add explicit user confirmation, limit the memory paths and amount shown, prefer summaries/redaction by default, and state that stored memory should not override current user instructions.
The agent may tell the user it fully reviewed important files when it only inspected a small portion, reducing the reliability of the initialization report.
The command only displays the first 50 lines, but the forced message says the whole file was read, creating a false completion attestation.
head -n 50 ~/.openclaw/workspace/AGENTS.md && echo "...(已阅读全文,重点:自检五问、搜索-整合-实施、Truth Engine)"
Change the wording to accurately say only the file head was shown, or require a real full-file review with clear limits and no misleading completion claim.
The chat may include details about installed skills and available MCP tools, which could disclose how the local agent environment is configured.
The skill directs shell/tool commands that enumerate installed skills and MCP servers. This is related to its stated initialization purpose, but it reveals local environment/tool inventory.
执行:ls -l ~/.agents/skills/ ... 执行:ls -l ~/.openclaw/workspace/skills/ ... 执行:mcporter list ... mcporter info
Keep this step user-confirmed and consider showing summaries instead of full raw inventories unless the user explicitly asks.
A broad keyword such as “init” could cause the agent to perform a long initialization checklist instead of the user’s intended task.
The skill defines broad trigger words and a mandatory sequence that can take over the conversation flow once invoked.
任何包含以下关键词的消息都会触发 ... 执行流程(严格顺序,不得跳过任何一步)
Use a more specific trigger phrase and allow the user to confirm or skip sensitive steps.