Skill v1.0.0

ClawScan security

Continuous Context Preserver · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign, Mar 9, 2026, 1:41 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements, instructions, and single cleanup script are consistent with its stated purpose of continuously logging compressed session summaries to local files; there are no unexpected network calls, credential requests, or installer steps.
Guidance
This skill appears coherent and local-only, but review these before enabling:
1) Inspect and, if necessary, harden file permissions on ~/.openclaw/workspace/sessions and logs to prevent other users/processes from reading sensitive conversation data.
2) Confirm the retention setting you choose (RETENTION_DAYS) is correct and that you or the agent will not accidentally set it to an unintended value.
3) If you will run the cleanup script via cron, verify the crontab entry and PATH/environment used by cron so the script runs as expected.
4) Consider encrypting highly sensitive notes or excluding them from session logs (the SKILL.md already advises compressing/omitting raw logs).
5) Always review the cleanup.sh file and test it on a non-production directory to ensure it deletes only what you expect.

Review Dimensions

Purpose & Capability
ok: Name and description describe continuous local session logging; the SKILL.md and cleanup.sh implement exactly that (create session files, append compressed context, and delete old files). No unrelated credentials, binaries, or external services are requested.
Instruction Scope
ok: Instructions are narrowly scoped to creating/maintaining session files, compressing summaries, and running a local cleanup script or cron job. They do not instruct reading other system config, exfiltrating data, or contacting external endpoints. They do ask the agent/operator to update AGENTS.md and HEARTBEAT.md (documentation) and to choose a retention period.
Install Mechanism
ok: This is an instruction-only skill with no install spec; the only code is a simple, local shell cleanup script. Nothing is downloaded or executed from remote sources.
Credentials
ok: No environment variables, credentials, or config paths are required. The cleanup script uses standard HOME-path defaults but allows overriding via safe environment variables (SESSIONS_DIR, LOG_FILE, RETENTION_DAYS).
Persistence & Privilege
note: Skill does write files under ~/.openclaw/workspace/sessions and logs under ~/.openclaw/workspace/logs and suggests a cron entry; it does not request always: true. Writing local files and scheduling cleanup is expected for this purpose, but it does grant persistent local data storage which has privacy implications.