Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cleanup Sessions
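v1.0.2
Cleans up subagent sessions that were aborted and have not been updated for 48 hours, along with expired backup files, freeing disk space and synchronizing the index file.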
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the SKILL.md and README: the skill enumerates sessions via sessions_list(), filters aborted subagent sessions, deletes .jsonl files and backup files, and updates sessions.json. There are no extraneous environment variables, binaries, or install steps requested that would be inconsistent with a local cleanup tool.
Instruction Scope
Instructions are focused on listing and deleting files under ~/.openclaw/agents/main/sessions and syncing sessions.json, which is appropriate. Notes of caution: example code contains a hard-coded user path (/Users/miaofengkai115572/...) — ensure implementations resolve the current user home dynamically. The SKILL.md relies on sessions_list() and Node fs operations; it does not instruct contacting external endpoints. The instructions assume a direct mapping from sessionId → filename and require correct filtering (key includes 'subagent' and abortedLastRun === true). Implementation-level safety checks (e.g., avoid following symlinks, validate file ownership, double-check path joins to prevent traversal) are not specified, so users should insist on a dry-run preview before deletion.
Install Mechanism
No install spec and no code files that would be executed were provided (instruction-only). This minimizes install-time risk (nothing to download or write to disk by the skill itself).
Credentials
The skill requests no environment variables, no credentials, and no config paths beyond user-local OpenClaw session directories, which is proportionate for a local cleanup utility.
Persistence & Privilege
The skill is not always-enabled and does not request persistent elevated privileges. It will run only when invoked and its scope is limited to the sessions directory and sessions.json index as documented.
Assessment
This skill appears coherent for its stated purpose, but it deletes files — take these precautions before installing or running it:
1) Always run the preview/dry-run first and carefully review the listed file paths, sizes, and timestamps.
2) Back up sessions.json (and any important .jsonl files) before performing deletions.
3) Confirm the skill resolves the current user's home directory (do not use code with hard-coded usernames).
4) Prefer running as the same non-root user owning the OpenClaw files to avoid accidental system-wide deletions.
5) Ask for or inspect the actual implementation used at runtime to ensure protections against symlink/path-traversal and that deletions only target files under the intended sessions directory.
6) If you need higher assurance, request that the author provide a --dry-run script and an explicit confirmation prompt implementation, or run the cleanup commands manually after previewing the list.
Like a lobster shell, security has layers — review code before you run it.
