Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Session Cleanup

v1.0.0

Clean up accumulated subagent and cron:run child sessions in OpenClaw to fix slow subagent startup. Use when: subagents are slow to start, sessions.json is t...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (clean OpenClaw sessions.json to speed subagents) is consistent with the actions described (stop gateway, run cleanup script, restart). However the SKILL.md assumes a cleanup.ps1 script exists; the skill bundle contains no code or install step that supplies that script, which is an inconsistency worth noting.
Instruction Scope
The instructions tell the user to stop the gateway, run a PowerShell cleanup script (with a dangerous -CleanJsonl flag that deletes conversation history), and restart the gateway. That behavior is in-scope for session cleanup, but the doc presumes a local .\cleanup.ps1 is present and gives a destructive option. The skill does not provide the script, nor does it include cross-platform variants (only PowerShell examples), so following these instructions without verifying the script could delete user data.
Install Mechanism
No install spec or downloaded code is present, so nothing is written to disk by the skill itself. This minimizes supply-chain risk, but also means the missing cleanup script must come from elsewhere.
Credentials
The skill requests no environment variables, credentials, or config paths. There is no sign of unrelated credential access.
Persistence & Privilege
always:false and normal invocation settings. The skill does not request persistent presence or modification of other skills or system-wide settings.
What to consider before installing
This SKILL.md describes a reasonable maintenance task but does not ship the cleanup.ps1 script it tells you to run. Before using it: (1) locate or obtain the cleanup.ps1 it expects and inspect its contents thoroughly — do not run unknown PowerShell. (2) Back up sessions.json and any .jsonl files; prefer the documented -DryRun first to preview changes. (3) Avoid the -CleanJsonl flag unless you intentionally want to permanently delete conversation history. (4) Confirm your environment (PowerShell available, OpenClaw CLI installed) and, if you're not on Windows, ask for or create an equivalent script for your OS. If the skill author can provide the cleanup script or the SKILL.md is updated to include the script contents or a trusted install step, re-evaluate — that would likely make the skill coherent and lower-risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f1tyv9yer6296dvkssxz69184htg5

