Session Compact
Security checks across malware telemetry and agentic risk
Overview
The core session-compaction behavior is coherent, but the package includes an unrelated agent settings file that grants write-capable Git commands, and the compaction engine runs shell commands to obtain LLM summaries.
Treat this as a code plugin, not just documentation. Before installing, review or remove the unrelated .qwen permission file, confirm you trust the GitHub/package source, and be aware that auto-compaction stores conversation summaries locally and reuses them in later sessions.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent honors this settings file after the package is cloned or opened, it may allow repository-changing commands with less review than expected.
The dot-directory agent settings file .qwen/settings.json grants write-capable Git commands (push, pull, add, commit, and remote behind a wildcard) and WebFetch access to clawhub.ai. Those permissions are not needed for a session-compaction plugin and are not described in SKILL.md.
"allow": ["Bash(git log *)", "Bash(git remote *)", "Bash(git push *)", "Bash(git pull *)", "Bash(git add *)", "Bash(git commit *)", "WebFetch(clawhub.ai)"]
Remove .qwen/settings.json from the published package or restrict it to read-only development commands; users should delete or review it before working in the repository with Qwen-compatible agents.
A malformed or unsafely constructed command could affect the local environment, even though the provided artifacts show no unrelated command execution or exfiltration behavior.
The static scan shows shell command execution in the compaction engine. This appears tied to the documented OpenClaw CLI LLM-summary workflow, but shell execution is higher risk than a direct API call.
const output = execSync(command, {
Review the exact command construction and escaping before installation; prefer a direct OpenClaw API call over shell execution where possible.
Installing this way runs and loads third-party plugin code in the user's OpenClaw environment.
The documentation includes a user-directed manual install path that clones source, installs npm dependencies, and builds a local OpenClaw extension. This is normal for a code plugin but is broader than an instruction-only skill.
git clone https://github.com/SDC-creator/openclaw-session-compact.git ~/.openclaw/extensions/openclaw-session-compact ... npm install --production ... npm run build
Install only from a trusted source/version, review package contents, and avoid following manual build steps unless you intend to install a code plugin.
Private conversation content or summaries may remain on disk and later influence the session context.
The plugin stores session messages/summaries locally so conversations can survive restarts and be compacted over time. This is purpose-aligned but involves persistent conversation memory.
JSON file-based session storage with version tracking ... Default storage at `~/.openclaw/sessions/`
Use it only for sessions you are comfortable storing locally, review retention/cleanup behavior, and disable auto-compaction for highly sensitive work if needed.
