Skill v0.1.0

ClawScan security

Swarm Janitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:05 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (clean orphaned subagent sessions and archive transcripts) is plausible, but the runtime instructions reference scripts and behaviors that are not included or declared (missing script files, undeclared environment usage, and filesystem paths), so you should verify the actual implementation before installing or running destructive operations.
Guidance
Do not run the shell/python commands shown in SKILL.md until you have the actual implementation to inspect. Specific steps to take before installing or enabling automation:
- Verify origin: visit the claimed homepage (https://github.com/openclawdad/swarm-janitor) and confirm the repository contains the scripts (scripts/swarm_janitor.py) and matches the SKILL.md.
- Inspect the code: review the actual Python scripts for exactly how they detect processes, determine 'orphaned' sessions, and delete files. Look for any network calls, unexpected endpoints, or credential exfiltration.
- Confirm env and creds: SUPERMEMORY_API_KEY (and any S3 or other credentials) are referenced in config.yaml but not declared; understand where and how those values are used before supplying them.
- Test safely: run any discovered script in a safe test environment or a copy of your sessions directory with dry-run enabled. Do not run --clean --force on production until you've confirmed behavior.
- Check permissions: the cron example writes to /var/log and may require root or elevated permissions; consider running under a restricted account and ensure proper backups exist.
- If you cannot find the implementation repo or the scripts referenced, treat the package as incomplete/untrustworthy and do not enable automated deletions.
Because the package is missing the executable scripts and has undeclared env and path implications, proceed cautiously; the inconsistencies could be benign (incomplete packaging) but could also hide risky operations if the missing code is later obtained from an untrusted source.

Review Dimensions

Purpose & Capability
concern: The skill's functionality (scanning ~/.openclaw/agents/... sessions, archiving to SuperMemory, and deleting orphaned sessions) is coherent with its name and description. However, the SKILL.md repeatedly instructs running python3 scripts/swarm_janitor.py and other local scripts which are not present in the package (no scripts/ directory or code files included). That mismatch is a major coherence problem: the README assumes code that isn't bundled. The skill also references writing logs to /var/log and archiving destinations (local, s3, supermemory) that would require additional configuration/dependencies not declared.
Instruction Scope
concern: The instructions direct the agent/user to scan and remove files under ~/.openclaw/agents/main/sessions/, archive transcripts to SuperMemory, and optionally run cron jobs that write to /var/log. Those are powerful file-system operations and deletions. The SKILL.md also documents a SUPERMEMORY_API_KEY variable in config comments, but the skill metadata does not declare or require that env var. Importantly, the instructions assume the existence of scripts that aren't provided, so the declared runtime behavior is unsupported by the packaged content. The instructions are specific enough to cause destructive actions (e.g., --clean --force) if the missing implementation were present.
Install Mechanism
note: There is no install spec and the skill is instruction-only, which reduces installation risk (nothing will be automatically downloaded or executed by the platform). However, because the SKILL.md tells users to copy files to ~/.openclaw and to run python scripts that aren't included, this points to incomplete packaging (the actual implementation may be expected to come from the referenced GitHub repo). You should not run the described commands until you obtain and inspect the real script sources from a trustworthy repository.
Credentials
concern: Registry metadata declares no required environment variables, but references/config.yaml explicitly documents SUPERMEMORY_API_KEY and notes it is required for SuperMemory archival. The skill will need filesystem write access to ~/.openclaw paths and possibly /var/log for cron examples; those privileges are not declared. The omission of SUPERMEMORY_API_KEY and any S3 credentials (if the S3 destination is used) is a proportionality/information gap that could lead users to provide sensitive credentials without clear disclosure in metadata.
Persistence & Privilege
ok: The skill does not request always: true and uses default autonomous-invocation settings (normal). It doesn't attempt to modify other skills or system-wide agent settings in the provided instructions. However, its recommended cron usage and writing to /var/log imply persistent scheduled invocation and a possible need for elevated permissions; weigh that operational persistence together with the other concerns before enabling automated runs.