OpenClaw Session Cleanup

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate cleanup purpose, but it tells users to run an unbundled PowerShell cleanup script that can change OpenClaw session state and optionally delete conversation history.

Review this before installing or using it. Only run the cleanup from a trusted OpenClaw directory where you can inspect the actual cleanup.ps1 script, run -DryRun first, back up sessions.json and any .jsonl history you care about, and use -CleanJsonl only if you intentionally want conversation history removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (93% confidence)
Finding
The skill declares broad symptom-based activation criteria such as slow subagent startup, large sessions.json, and general cleanup mentions without defining exclusion boundaries or confirmation requirements. This can cause the agent to invoke a state-modifying maintenance workflow in situations where the user may only be asking for diagnosis or information, increasing the chance of unintended operational changes or data loss if dangerous flags are later used.

Vague Triggers

Medium (95% confidence)
Finding
The Chinese guidance says the skill must be used when the user mentions loosely defined symptoms, effectively forcing activation on ambiguous cues. Because this skill stops the gateway and can optionally delete history files, mandatory activation on vague mentions raises the risk of disruptive or destructive actions being proposed or taken without clear user authorization.

VirusTotal

66/66 vendors flagged this skill as clean.
