context-clean-up
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent audit-only cleanup skill, but its optional script can include snippets from local OpenClaw session history in the generated report.
This skill appears safe for its audit-only purpose. Before installing or using it, understand that the optional Python audit script reads local OpenClaw session transcripts and may place snippets into the generated JSON report; review and redact that report before pasting it into a chat or sharing it elsewhere.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you paste or share the generated audit report, it may reveal snippets from previous session history.
The audit report can include previews from stored session content, including thinking entries, so generated JSON may contain sensitive context from prior conversations.
elif ctype == "thinking": ... consider(len(think), "thinking", str(obj.get("id") or ""), role, tool_name, _preview(think))Review the JSON report before sharing it, and redact any private conversation content or sensitive tool output.
Cron messages could be moved out of the main transcript into an external notification channel.
The reference recommends routing cron output through external messaging platforms while suppressing transcript output; this is disclosed and purpose-aligned, but users should ensure the destination is intended.
Send the message to the user using the platform tool (Telegram/Discord/Slack/etc.) ... Output exactly `NO_REPLY`
Only use out-of-band delivery for channels you control, and avoid sending sensitive details unless the external channel is appropriate.