Session Digest
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is transparent about making daily summaries, but it automatically reads all agents’ local chat logs and stores derived memory with limited controls, so it should be reviewed before use.
Use this only if you want all current agents' daily conversations summarized into persistent memory. Before installing, confirm how the 23:00 cron job is created and disabled, restrict which sessions are included if possible, avoid storing secrets in chat, and review the generated memory file before relying on it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or sensitive content from any agent conversation could be summarized into long-lived memory and reused later; prompt-like text inside old conversations could also influence what gets remembered.
The skill intentionally processes all live agents' session conversations and persists a summary into memory, but does not describe opt-outs, review before saving, retention limits, or safeguards against transcript text being treated as instructions.
自动总结当天所有 session 对话... agent 读临时文件,自己总结... 写入 `memory/YYYY-MM-DD.md`... **读取所有 agents**:main、claude、gemini 等所有存活的 session
Require explicit user approval before saving, limit which agents or sessions are included, add exclusions for secrets, and tell the agent to treat extracted transcripts strictly as untrusted data to summarize.
Users may underestimate where sensitive conversation extracts are temporarily stored on the local system.
The privacy section says all data stays under ~/.openclaw, while the usage instructions also disclose a /tmp transcript file; the documentation is inconsistent about where extracted chat data is stored.
- **数据不离开本地**:所有数据都在 `~/.openclaw/` 目录内 # 然后让 agent 读 /tmp/session-digest-YYYY-MM-DD.txt 并总结
Correct the privacy wording and store temporary transcripts under a private OpenClaw-owned directory with restrictive permissions, or clearly document the /tmp behavior.
If the scheduler is installed, the skill may process conversation history daily without a fresh manual request.
The skill is designed for scheduled recurring operation, although no install spec showing the cron setup is provided.
cron 23:00 触发
Install the cron job only with explicit consent, document how to disable it, and consider requiring confirmation before writing the daily memory file.