Back to skill

Security audit

subsession-delete

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local cleanup skill that deletes a specified OpenClaw child session only when explicitly run in execute mode.

Install only if you need to remove OpenClaw child sessions. Run without --execute first, verify the exact session key or session id, and back up important transcripts or sessions.json before executing because deleted session data may not be recoverable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs destructive filesystem operations and modifies a session index, but it declares no explicit permissions. That mismatch is a real security issue because platforms and reviewers may underestimate the skill's ability to delete or alter local state, enabling unsafe execution without informed consent or proper policy enforcement. In context, the skill is intentionally designed to remove session artifacts, which makes the undeclared file read/write capability more sensitive rather than less.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises an `--execute` mode that permanently deletes session transcripts, trajectory files, and index entries, but it does not clearly warn that the action is destructive and likely irreversible. In an agent-skill context, users may copy-paste the example command directly, increasing the chance of accidental data loss from misuse, typoed session keys, or misunderstanding of dry-run versus execute behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.