Skill v0.3.0
ClawScan security
Session Cleanup Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 12:48 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (scanning and guiding safe cleanup of OpenClaw session files); it requests only bash/node, performs only local filesystem scanning, and requires explicit user confirmation before destructive actions.
- Guidance: This skill appears to do what it says: scan the OpenClaw session directory and propose deletions. Before running any cleanup:
  1. Run the scan only (./skills/session-cleanup/scripts/scan_sessions.sh scan) and carefully inspect the JSON output.
  2. Back up sessions.json and any .jsonl files you might want to keep (or archive them to a different directory) rather than running rm immediately.
  3. Be mindful of the OPENCLAW_STATE_DIR and OPENCLAW_AGENT_ID environment overrides: if they are set, the script will operate on those paths instead of the defaults.
  4. Prefer archiving/moving orphan files first; only perform hard deletes after a second, explicit confirmation.
  5. Note that the provided script is read-only; the SKILL.md contains example rm commands which are destructive and must be executed deliberately.

  There are no network calls or hidden endpoints in the package. If you want extra safety, test on a copy of your state directory or run the scan in a non-production environment first.
Review Dimensions
- Purpose & Capability (ok): Name/description, included script (scripts/scan_sessions.sh), and SKILL.md are consistent: the skill scans sessions.json and the sessions directory for orphan .jsonl and stale sessions. Required binaries (bash, node) are appropriate for the provided scripts. No unrelated credentials, config paths, or third-party services are requested.
- Instruction Scope (note): SKILL.md enforces a scan → confirm → apply flow and documents destructive commands (rm) to remove orphan .jsonl and update sessions.json. The provided script only performs a read-only scan and outputs JSON; deletion instructions are explicit in SKILL.md but not implemented as an automated delete in scripts. This is coherent, but the instructions do include direct rm commands (destructive) so operator confirmation and backups are essential.
- Install Mechanism (ok): No install spec (instruction-only + one local script). Nothing is downloaded or extracted from external URLs; code is included in the package. This is low-risk from an install perspective.
- Credentials (ok): The skill does not require credentials or config paths. The script honors optional environment overrides OPENCLAW_STATE_DIR and OPENCLAW_AGENT_ID (with safe defaults). Those are proportional and relevant to locating session files.
- Persistence & Privilege (ok): always is false and the skill is user-invocable. It does not attempt to modify other skills or agent-wide settings. It does not persist credentials or try to enable itself automatically.
