OpenClaw Session Guard

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: openclaw-session-guard
Version: 1.0.0

The skill installs a LaunchAgent to periodically manage OpenClaw sessions, archiving long sessions and rotating to new ones. It interacts with OpenClaw's internal state and sends a 'handoff' prompt to the agent to continue the conversation. While the skill establishes persistence and sends instructions to the agent (a form of prompt injection), these actions are directly aligned with its stated purpose of session management and context handling. There is no evidence of data exfiltration, unauthorized remote control, or other malicious intent. All file system operations and agent instructions are functional and confined to OpenClaw's operational scope.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Main sessions that cross the threshold can be rotated automatically, and an agent handoff can be triggered in the background. If the archive is incomplete or wrong, work may lose context or continue from an unintended handoff.

Why it was flagged

A scheduled run can scan sessions across agents, directly rewrite the OpenClaw session registry, reset session state fields, and invoke an agent with a generated handoff message without a per-session approval step.

Skill content
"$OPENCLAW_BIN" sessions --all-agents --json > "$TMP_SESSIONS_JSON"
...
entry["sessionId"] = new_session_id
...
"$OPENCLAW_BIN" agent --agent "$agent_id" --message "$(cat "$handoff_file")" --json >/dev/null 2>&1 || true
Recommendation

Add a dry-run mode, per-agent allowlist or confirmation, visible logs, automatic backups of sessions.json, and a restore command for each rotation.

What this means

The session rotator may keep running periodically in the background until uninstalled.

Why it was flagged

The installer is designed to register and immediately start a persistent LaunchAgent. This is disclosed and purpose-aligned, but it means the skill continues acting after installation.

Skill content
launchctl bootstrap "gui/$(id -u)" "$PLIST_TARGET"
launchctl kickstart -k "gui/$(id -u)/ai.openclaw.session.rotator"
Recommendation

Install only if you want ongoing automatic rotation, and verify the LaunchAgent status and uninstall command before enabling it.

What this means

A user cannot fully verify the LaunchAgent schedule and command from the supplied package, and the documented install command may not work as-is.

Why it was flagged

The installer depends on a plist template file that is not present in the provided file manifest. That makes the scheduled job definition unavailable for review and likely causes installation failure.

Skill content
PLIST_TEMPLATE="$SCRIPT_DIR/ai.openclaw.session.rotator.plist.template"
...
text = tpl.read_text(encoding="utf-8")
Recommendation

Include the plist template in the package, declare the install mechanism and required binaries, and restrict the skill metadata to supported operating systems.

What this means

Sensitive chat snippets may remain in local archives and may influence later handoff behavior.

Why it was flagged

The rotator copies recent user and assistant messages into persistent local archive files used for handoff. This is aligned with the skill purpose, but it stores chat content beyond the original session.

Skill content
ARCHIVE_ROOT="${OPENCLAW_ARCHIVE_ROOT:-$HOME/.openclaw/knowledge/session-archives}"
...
user_items = user_items[-max_items:]
...
assistant_items = assistant_items[-max_items:]
...
archive_file.write_text(...)
Recommendation

Review the archive directory, avoid using it for secrets, add retention or cleanup controls, and consider filtering prompt-like or sensitive content before reuse.