Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Janitor

v1.0.0

Automated transcript trimming, LLM memory extraction, and session hygiene for OpenClaw gateways. Keeps transcripts from bloating, extracts structured memorie...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match behavior: scripts discover OpenClaw gateways, trim JSONL session transcripts, optionally run LLM extraction, prune session entries, archive/reset orphan files, and notify the gateway to reload. The binaries and files requested (python3, file watchers) are consistent with those tasks. A minor mismatch: registry metadata lists 'jq' as required but the shipped scripts primarily use python; this is not harmful but is a small inconsistency.
Instruction Scope
SKILL.md and scripts instruct the agent to read gateway config files (~/.openclaw*/openclaw.json), sessions.json, and JSONL session files, and to send archived conversation text to an LLM endpoint (by default the local gateway). All of that is necessary for trimming and the LLM extraction feature. Users should note that the skill will read conversation transcripts and gateway auth tokens from local config files and will write archives, state, and logs under user paths.
Install Mechanism
No remote downloads or third-party package installs are performed by the scripts included. setup.sh writes config.json, installs a cron entry and (optionally) a system service/launch agent, and may call system utilities (systemctl/launchctl, crontab). Those are expected for a background janitor; there is no evidence of fetching/executing untrusted remote archives.
Credentials
The skill declares no required environment variables, which is accurate. However it does read gateway auth tokens and ports from local openclaw.json files and writes a state file (~/.openclaw/session-janitor-state.json). Access to those tokens is required for the gateway reload ping and for using the gateway's chat completions endpoint as the LLM. This access is proportionate to the stated purpose, but these are sensitive items and users should be aware the setup will surface/store them in the skill's config.json.
Persistence & Privilege
The setup installs a cron job and (optionally) a per-user systemd/launchd watcher service to run persistently. always:false (not force-installed) and model invocation is allowed (default), which is normal — but the skill does establish persistent background execution and modifies the user's crontab/system service state, so review before granting install privileges.
Assessment
This skill appears to do what it says: trim large session JSONL files, optionally extract structured memories via the local gateway LLM, archive/reset orphan transcripts, and prune session entries. Before installing, review and consider the following:

1) setup.sh will modify your crontab and attempt to install a per-user watcher service (systemd or launchd); be sure you are comfortable with these persistent changes.
2) The setup discovers and reads ~/.openclaw*/openclaw.json to obtain gateway ports and auth tokens; those tokens are used to ping the local gateway and (indirectly) to perform LLM extractions — verify you trust the skill code and the local gateway behavior.
3) LLM extraction sends archived conversation content to the configured gateway API (by default localhost:<port>); this can incur model usage and may surface sensitive conversation contents to whatever model the gateway is configured to use.
4) The skill writes state, logs, and archived files under your home (e.g., ~/.openclaw/session-janitor-state.json, /tmp/session-janitor.log, *.pre-trim.* archives). Back up session files if you want a safety copy.
5) The registry metadata mentions 'jq' though it's not widely used in the shipped scripts — ensure required system packages are present.

If you want to proceed: inspect the scripts yourself (they are included), disable llmExtraction or memCli if you prefer not to send archived content to any model or external memory DB, and run setup in a controlled environment first.


latest: vk975abncy7ce1vk7f95dzjhp1h84ap9q


Runtime requirements

Bins: python3, jq
