Skill v1.0.2
ClawScan security
ChronoSync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 5:14 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requested resources are consistent with a local session-sync/backup tool that reads OpenClaw session files and writes shared JSON/Markdown outputs; nothing in the package attempts network exfiltration or requests unrelated credentials.
- Guidance: This skill appears coherent and local-only: it reads OpenClaw session files and writes shared JSON/Markdown and plugin outputs in ~/.openclaw/workspace/memory/sync (or an alternate path you set). Before installing: 1) Confirm you trust the skill source — the package includes executable Python code that will run on your machine. 2) Review any plugins you add or that come bundled — the plugin loader will execute plugin code from plugins/. 3) Be aware sanitization is heuristic (regex-based) and may not remove all secrets — avoid sending highly sensitive secrets in chat if you plan to sync backups. 4) Check file permissions and back up existing session data if you need to preserve the original state. If you want more assurance, request a full line-by-line security review of the truncated/remaining portion of the session_sync.py main routine (the supplied file was truncated in the bundle listing).
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: code reads local OpenClaw session .jsonl files, performs change-detection, sanitizes content, writes shared_chat.json/.md and plugin outputs. No unrelated credentials, binaries, or services are requested.
- Instruction Scope (ok): SKILL.md instructs local installation, running check_install.py, adding a cron job, and running python -m session_sync; the code implements exactly those behaviors and only references expected paths (OPENCLAW_STATE_DIR, SESSION_SYNC_OUTPUT). It reads sessions and writes local files; it does not call external endpoints.
- Install Mechanism (note): There is no install spec (lowest platform-level risk). However the skill bundle includes multiple Python modules that will be executed when invoked. Dynamic plugin loading executes plugin code from the plugins/ directory — expected for a plugin architecture but worth noting: installing additional/untrusted plugin files into that directory would run arbitrary code.
- Credentials (ok): No required environment variables or credentials are declared. The code optionally respects SESSION_SYNC_OUTPUT and OPENCLAW_STATE_DIR environment variables (documented in SKILL.md). No secret or cloud credentials are requested or used.
- Persistence & Privilege (ok): always is false and the skill does not modify other skills or system-wide settings. It writes files to a user-space OpenClaw workspace directory as expected for its purpose. Autonomous invocation is allowed (platform default) but not an additional privilege here.
