Session Hygiene

Security checks across malware telemetry and agentic risk

Overview

This skill performs disclosed local cleanup of OpenClaw session files and does not show hidden network access, credential use, or unrelated behavior.

Install only if you want local OpenClaw session maintenance that rewrites sessions.json and rotates archived session history. Run with --dry-run first, back up sessions.json before initial use, and set --archive-retention-days to match your recovery, audit, or compliance needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill clearly directs the user to run a maintenance script that rewrites session storage and removes retained archive files, which are file-write and file-delete capabilities, yet no permissions are declared. This creates a transparency and trust problem: operators may invoke a skill that performs destructive filesystem actions without an explicit permission boundary or warning.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The documented behavior does not fully match the described purpose: the skill claims setup of automated cron maintenance, but the markdown only shows an example cron call for the user to create, while the underlying behavior also deletes old archive files. Description/behavior mismatches are dangerous because they can cause users to authorize or run destructive maintenance under an incomplete understanding of what will actually happen.

Missing User Warnings

Medium
Confidence: 90%
Finding: The markdown instructs users to execute a cleanup script that archives sessions, rewrites session storage, and deletes old archive files, but it does so without an explicit destructive-action warning. This is dangerous because an operator may run the command in production assuming it is harmless maintenance, leading to unintended data loss or loss of forensic/history records.

VirusTotal

64/64 vendors flagged this skill as clean.
