ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session History Enhanced

v1.0.1

Session history system for OpenClaw — persistent, browsable, resumable chat sessions with SQLite index, archive/restore, migration, paginated UI, and chat dr...

0· 328·0 current·0 all-time
by@maverick-software
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the provided SKILL.md and reference files: backend RPC handlers, SQLite history DB, migration, archive/restore logic, and frontend UI changes. No unrelated environment variables, binaries, or network endpoints are requested.
Instruction Scope
Runtime instructions and referenced code perform local filesystem operations (reading sessions.json, moving/renaming transcript .jsonl files into an archive folder, optionally deleting transcripts) and create/modify a local SQLite DB. These actions are coherent with a session-archival feature but are stateful and destructive (files moved/deleted) — migration auto-runs on first access and may move/or index orphaned .jsonl files.
Install Mechanism
This is an instruction-only skill (no install spec, no downloads). Risk from installation mechanism is low. Note: the referenced code uses a synchronous SQLite API (DatabaseSync from 'node:sqlite') which implies the project must already include/build the appropriate sqlite native bindings when you actually apply the changes.
Credentials
No environment variables, credentials, or external tokens are requested. All file/path access is scoped to OpenClaw's agent session directories and SQLite DBs, which is proportionate to the stated purpose.
Persistence & Privilege
The skill is not 'always: true' and doesn't request persistent platform-level privileges. It adds RPC handlers and UI wiring (normal for a feature patch). Autonomous invocation is allowed by default (platform behavior) but is not combined here with broad credentials or other red flags.
Assessment
This skill appears internally consistent and implements a local session-history feature. Before applying it: (1) back up your OpenClaw session directories (e.g., ~/.openclaw/agents/*/sessions/) because the migration and archive operations move and can delete transcript files; (2) review INSTALL.md and ensure your environment can build / has the SQLite/native node bindings referenced by the code (DatabaseSync); (3) test in a staging copy of your data first so you can confirm migration behavior; (4) be aware that the migration auto-runs on first access and will index/move orphaned .jsonl files — if you want to control timing, run migration manually or inspect the code first; (5) review the code snippets for any site-specific path usage if you run multiple agents, since operations are performed per-agentId. If you want extra assurance, ask for the missing INSTALL.md and a diff/PR that will be applied so you can review the exact changes before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978sdzarg9d8e8raz30g22rx181zv4j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments