ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Snapshot

v1.0.0

会话快照 - 定期保存会话状态,支持断点恢复

0· 85·0 current·0 all-time
bySimon Lau@soroyue

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for soroyue/session-snapshot.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Session Snapshot" (soroyue/session-snapshot) from ClawHub.
Skill page: https://clawhub.ai/soroyue/session-snapshot
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install session-snapshot

ClawHub CLI

Package manager switcher

npx clawhub@latest install session-snapshot
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (session snapshot, periodic saves and restore) aligns with the SKILL.md. However the instructions mention capturing 'current working directory' and 'key variables' while the metadata declares no filesystem or environment access — there's a small mismatch about the capabilities the skill actually needs.
!
Instruction Scope
Instructions require periodically saving conversation history, tasks, and 'context' (explicitly including working directory and key variables). They do not specify how those are accessed, what precisely 'key variables' means, where snapshots are written, or any redaction/consent rules. That open scope could capture sensitive environment data or secrets.
Install Mechanism
Instruction-only skill with no install spec or code files; lowest installation risk (nothing is written to disk by an installer).
!
Credentials
Metadata requests no env vars or config paths, but the SKILL.md implies reading environment-like data (working directory, key variables). The skill asks for potentially sensitive context without declaring or justifying the required access.
Persistence & Privilege
always is false and there is no indication the skill modifies other skills or system-wide settings. Autonomous invocation is allowed by default (normal), which combined with the above vagueness increases the privacy risk but does not itself indicate excessive privileges.
What to consider before installing
This skill will periodically save your conversation plus contextual data (including working directory and 'key variables') but doesn't say where or how snapshots are stored or protected. Before installing, ask the author: (1) where are snapshots saved (local file path vs remote service)? (2) who can read them and how long are they retained? (3) are snapshots encrypted at rest and in transit? (4) can you restrict what fields get saved (e.g., exclude environment variables or secrets) or opt out of automatic saves? If you cannot get clear answers, avoid enabling automatic saves or prefer manual invocation only.

Like a lobster shell, security has layers — review code before you run it.

latestvk97chqztck0wk7k8818kydj95984520s
85downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
Simon Lau@soroyue
latest
Download

Session Snapshot - 会话快照

功能

定期保存当前会话状态,支持断点恢复和回溯。

快照内容

内容说明
对话历史最近N条消息
任务状态进行中的任务及进度
上下文当前工作目录、关键变量
时间戳快照时间

保存时机

  1. 定时保存: 每30分钟
  2. 关键节点: 任务开始/完成时
  3. 手动保存: 用户说"保存快照"

恢复机制

用户说"恢复上一个快照"
    ↓
加载最近快照
    ↓
恢复对话上下文
    ↓
继续工作

文件格式

{
  "timestamp": "2026-04-04T01:57:00+08:00",
  "session_id": "xxx",
  "messages": [...],
  "tasks": [...],
  "context": {...}
}

使用方式

  • 自动执行(每30分钟)
  • 手动:说"保存快照"或"恢复快照"

Comments

Loading comments...