context-clean-up

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you paste or share the generated audit report, it may reveal snippets from previous session history.

Why it was flagged

The audit report can include previews from stored session content, including thinking entries, so generated JSON may contain sensitive context from prior conversations.

Skill content

elif ctype == "thinking": ... consider(len(think), "thinking", str(obj.get("id") or ""), role, tool_name, _preview(think))

Recommendation

Review the JSON report before sharing it, and redact any private conversation content or sensitive tool output.

What this means

Cron messages could be moved out of the main transcript into an external notification channel.

Why it was flagged

The reference recommends routing cron output through external messaging platforms while suppressing transcript output; this is disclosed and purpose-aligned, but users should ensure the destination is intended.

Skill content

Send the message to the user using the platform tool (Telegram/Discord/Slack/etc.) ... Output exactly `NO_REPLY`

Recommendation

Only use out-of-band delivery for channels you control, and avoid sending sensitive details unless the external channel is appropriate.