ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ContextClaw Plugin Usage

v1.0.0

Manage and analyze OpenClaw sessions by checking usage, pruning old sessions, cleaning orphaned files, and viewing stats via CLI or dashboard.

0· 561·0 current·0 all-time
by@rmruss2022
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (session management, pruning, stats) matches the runtime instructions: analyze/prune/clean-orphaned/dashboard commands operating on OpenClaw sessions. Declared prerequisites (install the ContextClaw plugin) and referenced artifacts (sessions .jsonl files under ~/.openclaw/agents/main/sessions/) are coherent with the stated purpose.
Instruction Scope
SKILL.md only describes running the ContextClaw/OpenClaw CLI and opening a local dashboard, and explicitly documents which files it reads (~/.openclaw/.../sessions/). It also documents deletion operations (prune/clean-orphaned) and safety practices (dry-run, keep main/cron sessions). The instructions do not attempt to read unrelated system locations or exfiltrate data to remote endpoints.
Install Mechanism
The skill is instruction-only (no install spec), but requires the user to install an npm package globally (@rmruss2022/contextclaw) and register the plugin with openclaw. That is a reasonable requirement for this functionality, but installing arbitrary npm packages and running plugin installers executes third-party code on the host—users should verify the package and repo before installing. The lack of an automated install spec is not a security problem but is worth noting.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The only filesystem access described is to the sessions directory under the user's OpenClaw home, which is appropriate for session management.
Persistence & Privilege
The skill does not request always:true or other elevated/intrusive privileges. It runs as an invoked plugin/CLI and advises dry-run/default protection for key session types (main/cron). Nothing in the instructions indicates it modifies other skills' configurations or requires permanent system-wide changes.
Assessment
This skill appears to do what it claims — manage and prune local OpenClaw session files. Before installing: (1) verify the referenced GitHub repo and npm package (@rmruss2022/contextclaw) look legitimate and review their source if possible, since npm global installs run third-party code; (2) always run analyze and the prune/clean-orphaned commands in dry-run mode first and back up your session directory if you are worried; (3) confirm the dashboard binds only to localhost and choose a different port if you have concerns about local network exposure.

Like a lobster shell, security has layers — review code before you run it.

contextvk97fe2cb0vzte18yh39axkr29n819k02latestvk97fe2cb0vzte18yh39axkr29n819k02managementvk97fe2cb0vzte18yh39axkr29n819k02pluginvk97fe2cb0vzte18yh39axkr29n819k02sessionvk97fe2cb0vzte18yh39axkr29n819k02

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments