Subagent Distiller
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill matches its memory-distillation purpose, but it broadly copies OpenClaw conversation logs, including reset/deleted logs, into persistent files and subagent tasks without clear scoping or retention controls.
Before installing, verify the source repository, edit the scripts to use your intended OpenClaw workspace, exclude deleted/reset or sensitive sessions, review generated chunks and extraction_tasks.json before any subagent processing, and avoid enabling the recommended cron job until you are comfortable with what will be retained.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private past conversations, including content the user may consider deleted or obsolete, can be copied into persistent memory-processing files.
The skill reads the main agent's session logs, including files marked reset/deleted, and writes raw conversation content into chunk JSON files before later filtering.
SESSIONS_DIR = Path("/home/aqukin/.openclaw/agents/main/sessions") ... SESSIONS_DIR.glob('*.jsonl.deleted.*') ... 'content': content
Require an explicit, configurable session path; exclude deleted/reset sessions by default; add allowlists, redaction, retention limits, and a clear cleanup command for chunks/tasks/state.
Sensitive chat content may be handed to another agent context, and instructions inside old chats could influence what gets written into long-term memory.
Raw conversation slices are embedded into prompts saved as extraction tasks and intended to be processed by spawned subagents, but the artifacts do not define the subagent identity, permissions, or data boundary.
【内容】:\n{slice_data['content']} ... 'prompt': prompt ... "主代理使用 sessions_spawn 逐个处理这些任务"
Treat session content as untrusted data, add prompt-injection safeguards, require user review before spawning subagents, and document which model/agent receives the task files.
After setup, new conversations may keep being captured into this memory pipeline without a per-run prompt.
The documentation recommends a persistent cron job that continues scanning and generating extraction tasks on a schedule.
Run automatically every day (recommended) ... 0 3 * * * cd ~/.openclaw/workspace/skills/subagent-distiller && python3 incremental_slice.py && python3 realtime_distill.py
Only enable cron after configuring scope and retention; document how to pause/disable it; prefer manual runs until the user confirms the data being collected.
Useful memory cards could be relocated if the cleanup heuristics misclassify them.
The cleanup tool can bulk move memory cards to an archive based on heuristics, but it requires an explicit --exec flag and archives rather than permanently deletes.
shutil.move(str(card_path), str(ARCHIVE_DIR / card_path.name)) ... if len(sys.argv) > 1 and sys.argv[1] == '--exec': execute_cleanup()
Run the report mode first, review the proposed archive list, and back up memory/topics before using --exec.
A user following the manual install instructions could fetch the wrong code or be unable to verify the intended source.
The manual install example uses a placeholder repository while the author section names a different repository, creating a provenance inconsistency.
git clone https://github.com/yourname/subagent-distiller.git ... **Repository**: https://github.com/openclaw/subagent-distiller
Install from the registry or a verified repository URL, and ensure the published source, package metadata, and documentation all match.
