OpenClaw Session Guard
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its stated purpose, but it can run in the background, read and archive chat content, rewrite OpenClaw session state, and trigger agent handoffs automatically.
Review carefully before installing. Only use it if you are comfortable with a persistent background task that scans OpenClaw sessions, saves recent chat content into local archives, rewrites session state, and triggers handoff messages automatically. Ask the publisher to include the missing LaunchAgent plist template and provide dry-run, backup, and restore controls.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Main sessions that cross the threshold can be rotated automatically, and an agent handoff can be triggered in the background. If the archive is incomplete or wrong, work may lose context or continue from an unintended handoff.
A scheduled run can scan sessions across agents, directly rewrite the OpenClaw session registry, reset session state fields, and invoke an agent with a generated handoff message without a per-session approval step.
"$OPENCLAW_BIN" sessions --all-agents --json > "$TMP_SESSIONS_JSON" ... entry["sessionId"] = new_session_id ... "$OPENCLAW_BIN" agent --agent "$agent_id" --message "$(cat "$handoff_file")" --json >/dev/null 2>&1 || true
Add a dry-run mode, per-agent allowlist or confirmation, visible logs, automatic backups of sessions.json, and a restore command for each rotation.
The session rotator may keep running periodically in the background until uninstalled.
The installer is designed to register and immediately start a persistent LaunchAgent. This is disclosed and purpose-aligned, but it means the skill continues acting after installation.
launchctl bootstrap "gui/$(id -u)" "$PLIST_TARGET" launchctl kickstart -k "gui/$(id -u)/ai.openclaw.session.rotator"
Install only if you want ongoing automatic rotation, and verify the LaunchAgent status and uninstall command before enabling it.
A user cannot fully verify the LaunchAgent schedule and command from the supplied package, and the documented install command may not work as-is.
The installer depends on a plist template file that is not present in the provided file manifest. That makes the scheduled job definition unavailable for review and likely causes installation failure.
PLIST_TEMPLATE="$SCRIPT_DIR/ai.openclaw.session.rotator.plist.template" ... text = tpl.read_text(encoding="utf-8")
Include the plist template in the package, declare the install mechanism and required binaries, and restrict the skill metadata to supported operating systems.
Sensitive chat snippets may remain in local archives and may influence later handoff behavior.
The rotator copies recent user and assistant messages into persistent local archive files used for handoff. This is aligned with the skill purpose, but it stores chat content beyond the original session.
ARCHIVE_ROOT="${OPENCLAW_ARCHIVE_ROOT:-$HOME/.openclaw/knowledge/session-archives}" ... user_items = user_items[-max_items:] ... assistant_items = assistant_items[-max_items:] ... archive_file.write_text(...)Review the archive directory, avoid using it for secrets, add retention or cleanup controls, and consider filtering prompt-like or sensitive content before reuse.