Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Collect Session

v1.0.0

Installs and configures a hook to capture and save detailed Markdown session summaries with telemetry and cost data on /new or /reset commands.

by Paul Lacey (@virtualpaul)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the code: the hook and script read OpenClaw session JSONL files, compute telemetry, optionally call an LLM for naming/summarization, and write Markdown/JSONL outputs. However, registry metadata listed no required env vars or config, while SKILL.md and the scripts clearly require Node, a workspace.dir, a sessions directory, and optionally a LITELLM_API_KEY and LITELLM_BASE_URL — that mismatch is an incoherence.
Instruction Scope
SKILL.md and the hook instruct the agent to read session files (~/.openclaw/agents/main/sessions) and write to the workspace memory directory; this is expected for session collection. The script also performs network calls to a LiteLLM endpoint (default http://localhost:4000) to enrich summaries. That behavior is within the stated purpose but means full session content is transmitted to whatever LITELLM_BASE is configured to (local or remote). The docs encourage retrieving a virtual key from a secrets manager — the key is optional but used if provided.
Install Mechanism
Instruction-only skill with no remote downloads or package installers. The install steps are manual file copies into the workspace and hooks directory; nothing is fetched from arbitrary URLs and no archive extraction occurs.
Credentials
The script reads environment variables (COLLECT_SESSION_OUTPUT_DIR, LITELLM_API_KEY, LITELLM_BASE_URL, COLLECT_SESSION_LLM_MODEL) and expects OpenClaw config values (workspace.dir). Registry metadata did not declare these env vars, creating a transparency gap. Requesting an LLM key is proportional for enrichment, but it enables transmitting session contents to an LLM provider — a sensitive privilege that the metadata failed to surface.
Persistence & Privilege
Skill is not always-enabled and does not request permanent/privileged platform presence. The hook runs on command:new and command:reset and invokes a local node script; it does not modify other skills' configs or system-wide settings beyond enabling itself in openclaw.json as the user instructs.
What to consider before installing
This skill appears to perform the described session collection, but take these precautions before installing:
(1) Review the included scripts yourself — they read full session JSONL files and will write them to your chosen output directory.
(2) Be aware that if you set LITELLM_BASE_URL to anything other than localhost or provide a LITELLM_API_KEY, the script will send session contents (including user messages and tool usage) to that endpoint — only use a trusted local or provider endpoint you control.
(3) Update the OUTPUT_DIR_DEFAULT and SESSIONS_DIR to safe locations you expect, or run with --no-llm to avoid network enrichment.
(4) Fix the metadata gap: the skill registry entry should declare required env vars (workspace.dir, optional LITELLM_API_KEY) — demand that from the publisher or avoid installing until it's corrected.
(5) Test in an isolated workspace or non-production account first so you can inspect outputs and logs (gateway logs may receive the script's stdout/stderr).
If you want to proceed, prefer running the collector with --no-llm or point LITELLM_BASE_URL to a local-only instance you control.
scripts/hook-handler.ts:33: Shell command execution detected (child_process).
scripts/collect-session.mjs:40: Environment variable access combined with network send.
scripts/collect-session.mjs:513: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cmxvgm622jnh4mrmc1ghbdh83xnpv
