Session History Retriever Clean

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for finding and reusing prior OpenClaw session history, but users should treat old conversations as sensitive before forwarding or exporting them.

Install only if you want an agent to inspect and reuse prior OpenClaw conversations. Before sending history into another session or exporting it to a file, review the content, remove secrets and personal data, keep limits small, prefer summaries or selected excerpts, and delete exported files when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill documentation expands beyond the declared scope by instructing use of additional tools such as session status commands and local export workflows. This can cause agents to invoke capabilities the manifest did not clearly authorize, increasing the chance of unintended data exposure or unsafe operator assumptions about what the skill is supposed to do.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The example exports complete session history to a local file, which can write sensitive conversation data to disk outside the stated retrieval-and-reference purpose. Persisting transcripts locally increases the risk of disclosure through filesystem access, backups, logs, or later reuse without user awareness.

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill states it is not intended for creating new sessions, but later provides a concrete example using sessions_spawn to do exactly that. This contradiction can mislead agents into exceeding the advertised scope and can result in unintended propagation of historical context into newly created conversations.

Intent-Code Divergence

High
Confidence: 91%
Finding
The documentation contains an internal policy contradiction: it says not to use the skill for creating new sessions, yet elsewhere instructs doing so. Conflicting guidance undermines safe use boundaries and makes it more likely that an agent will select the wrong tool path and mishandle conversation context.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill encourages retrieving and re-sending prior session history, which can expose sensitive data from earlier conversations into a new or current chat context without any privacy warning or scoping guidance. In a session-management skill, this is materially risky because imported history may contain secrets, personal data, or internal reasoning that was only appropriate in the original session.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill promotes importing and forwarding session history between conversations without a strong, front-loaded warning about privacy, consent, and data minimization. Because session history can contain secrets, personal data, or prior sensitive instructions, forwarding it across sessions can leak information into contexts with different participants, permissions, or retention settings.

Missing User Warnings

Medium
Confidence: 95%
Finding
Exporting complete session history to a local file without an explicit sensitivity warning encourages persistent storage of potentially confidential transcripts. Once written to disk, the data may be exposed through shared machines, insecure permissions, indexing, backups, or accidental upload to other tools.

VirusTotal

63/63 vendors flagged this skill as clean.
