Skillv1.0.0

ClawScan security

Session Reset · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 5, 2026, 10:24 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and requested access are consistent with a local session backup/cleanup tool that operates on ~/.openclaw session files; it does not request unrelated credentials or network access.
Guidance: This skill appears to do what it claims: discover agents under ~/.openclaw, back up session JSONL files, and delete or restore them. Before installing or running it: 1) Inspect scripts/reset-session.py yourself (it runs locally and will delete session files); 2) Run operations in --dry-run first to confirm which files will be affected; 3) Ensure you have adequate disk space for backups and that ~/.openclaw is the correct path for your deployment; 4) Keep external copies of critical data if you cannot afford accidental deletion; 5) If you need stronger assurance, run the script in a safe environment (container or test account) to observe behavior. Overall the package is internally consistent and does not request unrelated privileges or network access.

Purpose & Capability: okName/description match the delivered files: SKILL.md, README, examples, and a Python script implement discovery, backup, preview, restore, cleanup and deletion of OpenClaw session files under ~/.openclaw. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope: okRuntime instructions and examples consistently direct local operations (discover agents, preview, backup to ~/.openclaw/session-backups/, delete session JSONL files, restore from backups). The SKILL.md does not instruct reading unrelated system files or transmitting data externally.
Install Mechanism: okThis is instruction-only with bundled script files; there is no network download or install-from-URL. The script is included in the package (scripts/reset-session.py) and will run locally when invoked via the OpenClaw CLI.
Credentials: okNo environment variables or external credentials are required. The script operates on user-owned paths under the home directory (~/.openclaw), which is appropriate for the stated purpose. It does require filesystem write permissions to those paths.
Persistence & Privilege: okThe skill is not marked always:true and is user-invocable. It only writes its own config (~/.openclaw/session-reset-config.json) and backup files under ~/.openclaw/session-backups/, which is expected behavior for this utility.