Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Session Relay
v1.2.0
Automatic session continuity and task handoff across context window boundaries. Use when: (1) context token usage exceeds 70% of the model's context window,...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description align with its actions: it pulls recent session history and writes snapshots for continuity. The included archive script and snapshot format reference are coherent with a relay/snapshot feature. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
The SKILL.md instructs the agent to fetch verbatim conversation tails (user+assistant) and to save reproduction commands, file paths, URLs, and error messages into workspace/memory/relay-snapshot.md. Although it states 'No secrets' and 'Strip any API keys/tokens that appear in conversation,' that sanitization is left to the agent and cannot be enforced. Writing verbatim history and commands to disk increases the risk of accidental secret capture and exfiltration. It also mandates performing the fetch 'before doing anything else' on startup, which broadens the action scope and could run automatically if the agent is allowed to invoke the skill.
Install Mechanism
No install spec (instruction-only) and a small, transparent shell script for archiving snapshots. Nothing is downloaded from external URLs and no archives are extracted. Low install risk.
Credentials
The skill requests no environment variables, credentials, or external config paths. That is proportionate to its purpose. However, its behavior of capturing verbatim messages and reproduction commands means it may inadvertently capture secrets present in conversation content despite claiming not to.
Persistence & Privilege
always:false (not force-included). The skill prescribes automatic behavior at session startup (fetch history before doing anything else) which implies it expects autonomous invocation; that is allowed by default but increases privacy exposure if the agent invokes it without explicit user consent. The skill writes snapshot files into {workspace}/memory and archives them — this is normal for persistence but means local disk storage must be trusted and protected.
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan detected Unicode control characters in SKILL.md. These are not needed for a session-relay feature and can be used for prompt-injection or to alter how downstream processors interpret the instructions. This is suspicious and should be investigated or removed before trusting the skill.
What to consider before installing
This skill does what it says (pulls recent sessions and saves snapshots) but it saves verbatim conversation text, commands, file paths and reproduction steps to disk. That makes it easy to accidentally capture API keys, passwords, private URLs, or other secrets even though the document says to 'strip' them — stripping is not enforced. Before installing, consider: (1) restrict or review what session content can be fetched (prefer summaries instead of verbatim tails), (2) require user confirmation before automatic startup fetches, (3) ensure snapshot files are stored in an encrypted/private workspace and not uploaded or backed up publicly, (4) audit the SKILL.md for the Unicode-control-chars finding and remove any suspicious characters, and (5) test in a sandboxed agent with no sensitive data to verify sanitization works. If you cannot guarantee secure storage and reliable secret-stripping, treat this skill as higher-risk and avoid enabling it for sessions containing credentials or private data.
Like a lobster shell, security has layers — review code before you run it.
