Session State Tracker

Type: OpenClaw Skill Name: session-state-tracker Version: 2.0.0 The OpenClaw AgentSkills skill bundle 'session-state-tracker' is classified as benign. The documentation (SKILL.md, README.md) explicitly states that the skill operates entirely locally, does not call external endpoints, and only reads/writes to `SESSION_STATE.md` within the workspace. Code analysis of `hooks/*.js`, `scripts/cli.js`, `scripts/state.js`, and `scripts/tools.js` confirms these claims, showing no network calls, no arbitrary file system access, no shell execution, and no attempts at data exfiltration. The `openclaw.plugin.json` file also explicitly limits file system permissions to `SESSION_STATE.md` for both read and write operations. The use of `js-yaml` and atomic file writes are standard and secure practices. The skill's purpose is to manage session state, and its implementation aligns with this goal without exhibiting any malicious intent or significant vulnerabilities.