Workspace Temp
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read files and write copies into the workspace temp directory when carrying out file-processing tasks.
The skill asks for file read/write capabilities and session lookup. This is powerful enough to notice, but it is consistent with managing temporary workspace files.
"tools": ["sessions_list", "read", "write"]
Use it for intended temporary-file workflows and review prompts involving sensitive or important files before allowing file operations.
The skill can learn the configured workspace path and current session identifier.
The skill uses local OpenClaw configuration and session metadata to locate the workspace and create a per-session temp path. This is disclosed and fits the stated purpose.
requires access to `~/.openclaw/openclaw.json` ... and the `sessions_list` tool
Install only if you are comfortable with the agent using local OpenClaw config and session information for temp-directory routing.
Sensitive documents copied into temp may remain available in the workspace until removed.
The skill may place copies of user-specified files in a persistent workspace temp location, and cleanup is described as optional elsewhere in the workflow.
Files processed through this skill may temporarily contain sensitive data in the temp directory.
Avoid processing secrets or credentials with this skill, and periodically clean the workspace temp directory if sensitive files were used.