Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Digest

v4.1.3

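Automatically summarizes the day's conversations to memory/YYYY-MM-DD.md. Runs automatically via cron at 23:00, extracting the conversations so the agent can summarize them itself.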


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for pazzilivo/session-digest.

Install the skill "Session Digest" (pazzilivo/session-digest) from ClawHub.
Skill page: https://clawhub.ai/pazzilivo/session-digest
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install session-digest

ClawHub CLI


npx clawhub@latest install session-digest
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The script's behavior (reading agent session .jsonl files and producing a /tmp text file) matches the skill's stated purpose of extracting conversations for daily summaries. There are no unexpected external services or binaries required.
Instruction Scope
SKILL.md instructs running scripts/extract.js and having the agent read the produced /tmp file and summarize it — this is within scope. However the script reads all live agent sessions (main, claude, gemini, etc.) and will include any message content present in those session files; the provided simple sanitization (regex removals) may not remove all sensitive or system-level content. The skill also documents a cron trigger but provides no install steps to set that up.
Install Mechanism
No install spec is present (instruction-only plus a small script). Nothing is downloaded or written to system locations beyond the script writing a temporary output file; low install risk.
Credentials
Registry metadata declared no required config paths or credentials, yet the script reads from ~/.openclaw/agents (or OPENCLAW_DIR) — i.e., it accesses user-local agent session files. The skill does not request credentials, but it implicitly requires read access to that config/data path; this mismatch should have been declared. Also the output is written to /tmp which may be world-readable on some systems.
Persistence & Privilege
The skill is not always-enabled and does not modify other skills or system config. It only writes a temporary file and logs; no elevated persistence or privilege escalation is requested.
What to consider before installing
This skill appears to do what it says: it scans your local OpenClaw agent session files and writes a plain-text /tmp/session-digest-YYYY-MM-DD.txt for the agent to summarize. Before installing or enabling it, consider:

1) The script reads ~/.openclaw/agents/*/sessions/*.jsonl (it did not declare this config path in metadata) — confirm you are comfortable granting it read access to any session data stored there.
2) The temporary output is plaintext in /tmp and could contain sensitive system messages or secrets that the basic regex cleaning may not remove; inspect outputs before having the agent post them into memory.
3) If you want tighter scope, modify the script to limit which agents/sessions are scanned or add stronger redaction, and set up cron manually only after testing.
4) Because metadata omitted the config-path dependency, prefer to run the script manually once and review results before allowing automated or scheduled runs.

Like a lobster shell, security has layers — review code before you run it.

latest vk97f459v3aesjhz6fw8v8dgvt183q5s0
113 downloads
0 stars
5 versions
Updated 1mo ago
v4.1.3
MIT-0

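Session Digest - Daily Conversation Summary

Automatically summarizes all of the day's session conversations and generates a concise daily memory.

How it works

  1. cron triggers at 23:00
  2. Run extract.js to extract the day's conversations into a temporary file
  3. The agent reads the temporary file and summarizes it itself
  4. Write the result to memory/YYYY-MM-DD.md

Manual use

# Extract conversations
node ~/.openclaw/workspace/skills/session-digest/scripts/extract.js [YYYY-MM-DD]

# Then have the agent read /tmp/session-digest-YYYY-MM-DD.txt and summarize it

Output format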

# YYYY-MM-DD Weekday

### 做成了什么
- xxx

### 改了什么
- xxx

### 学到了什么
- xxx

### 待办
- [ ] xxx

---
N 个 session,M 条消息

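Privacy & Security

  • No external API calls: extract.js only reads local files and does not access the network
  • Reads all agents: all live sessions for main, claude, gemini, etc.
  • Data does not leave the machine: all data stays within the ~/.openclaw/ directory

Files

  • scripts/extract.js - extracts conversations to a temporary file
  • SKILL.md - this file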
