session-continuity
Review
Audited by ClawScan on May 12, 2026.
Overview
This skill mostly does what it says—local checkpointing—but needs review because its helper script can write or delete files outside the checkpoint folder if given a crafted checkpoint name, and it persistently saves session context.
Install only if you are comfortable with local persistent checkpoints under your OpenClaw workspace. Use simple kebab-case checkpoint names, do not let untrusted text choose checkpoint names or next commands, review checkpoint files before resuming, and avoid saving secrets or credentials in checkpoints.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted checkpoint name such as one containing '../' could overwrite or delete other .md files in the OpenClaw workspace, not just intended checkpoint files.
The script uses the user-supplied checkpoint name directly in file paths for both writes and deletes, without validating that the resolved path stays inside the checkpoint directory.
out_file = CHECKPOINT_DIR / f"{name}.md" ... out_file.write_text(content) ... cp_file = CHECKPOINT_DIR / f"{name}.md" ... cp_file.unlink()
Validate checkpoint names in code with a strict allowlist such as kebab-case only, resolve the path, and reject any path that escapes the checkpoint directory before writing or deleting.
A user who says 'no' to resuming a task could unexpectedly lose the saved checkpoint for that task.
Rejecting a resume prompt is not the same as approving deletion, yet the instruction tells the agent to delete the checkpoint on rejection.
5. **If confirmed:** execute the next action; if stale, re-verify paths first; 6. **If rejected:** delete the checkpoint and start fresh
Change the flow so a rejected resume keeps the checkpoint by default, and require a separate explicit confirmation before deletion.
Checkpoint files may preserve sensitive project details or stale instructions that influence future sessions.
The skill intentionally persists contextual memory across sessions, including task details, file paths, preferences, and decisions.
Checkpoints survive session death and can stack (deep resume) ... Relevant Context: file paths, user preferences, anything not inferable from files alone
Review checkpoint contents before resuming, avoid storing secrets in checkpoints, and delete outdated checkpoints when no longer needed.
Autosaves may be created during normal conversation or before long operations without an explicit save command each time.
The skill documents autonomous autosave behavior with minimal user-facing output.
Not invoked by the user — the agent scans for these signals and acts autonomously ... Quiet Confirmation ... do NOT produce verbose user output
Make autosave behavior clearly visible to users, keep the autosave log easy to inspect, and provide a simple way to disable or limit automatic checkpointing.
