Skill v1.0.3

ClawScan security

多窗口模式 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 25, 2026, 4:23 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions match its stated purpose (managing multiple isolated work windows and saving/loading session transcripts); it operates on local OpenClaw workspace and session files and does not request external credentials or network access.
Guidance
This skill operates on local OpenClaw workspace and session files (paths under ~/.openclaw). Before installing, be aware it will read your agent session transcripts (latest .jsonl in ~/.openclaw/agents/main/sessions) and write metadata and transcript/summary files under ~/.openclaw/workspace/memory/tasks. That behavior is necessary for saving/restoring windows but means the skill can access your conversation history stored locally. If you are comfortable with that, the code is coherent and there are no network calls or external credential requirements. If you have sensitive transcripts you do not want consolidated, either do not install the skill or relocate/secure your session directory first; alternatively, review the scripts locally and modify paths/permissions as needed.

Review Dimensions

Purpose & Capability
ok: Name/description (多窗口模式 — manage windows and save/restore progress) align with required files and behavior: scripts create/list/switch/archive/complete windows and read/write window metadata and transcripts in ~/.openclaw/workspace/memory/tasks and session files under ~/.openclaw/agents/main/sessions.
Instruction Scope
note: SKILL.md and scripts instruct the agent to read and write local workspace and session files (index tasks.json, current.json, meta.json, transcript.jsonl). This is consistent with 'save/restore conversation' functionality. Note: the skill reads the agent's session directory (~/.openclaw/agents/main/sessions) to find the latest .jsonl session file — this means it can access other locally stored session transcripts, which is expected for the feature but worth knowing.
Install Mechanism
ok: No install spec; this is an instruction+script bundle (no downloads, no external installers). The code is included as scripts, so nothing is fetched from remote during install.
Credentials
ok: No environment variables, credentials, or external config paths are requested. The scripts only access repository-defined local paths under the user's home (~/.openclaw/...). The requested access is proportional to the stated functionality.
Persistence & Privilege
ok: Flags: always=false and agent autonomous invocation defaults unchanged. The skill writes and updates files within its own workspace directories (tasks, current, archived). It does not modify other skills or system-wide agent configuration outside ~/.openclaw/workspace/memory/tasks and writes a current.json there — behaviour is within expected scope.