Rename Session

Security checks across malware telemetry and agentic risk

Overview

This skill is a local command-line helper that does what it says: rename OpenClaw session labels by editing the session metadata file.

Install only if you are comfortable with a local script editing your OpenClaw session metadata. Use --root carefully, especially if set through RENAME_SESSION_ROOT, because the tool will write the matching sessions.json file at that location.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill explicitly reads environment variables and performs direct file reads/writes to `sessions.json` and a history file, but the manifest does not declare any permissions. This creates a transparency and trust problem: users or hosting systems may assume the skill is passive while it can modify local state, and mis-scoped `--root` or environment-controlled paths could lead to unintended file changes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal