Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
subagent-clean
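v1.0.0
Unified cleanup of OpenClaw subagent sessions, with support for backup, archiving, forced deletion of active sessions, preview mode, and cleanup of specified targets.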
by wei dong @weidongkl
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the files: the script and SKILL.md both focus on listing, backing up, archiving, and removing subagent session entries under ~/.openclaw/agents. No unrelated external services, credentials, or binaries are requested.
Instruction Scope
SKILL.md documents many CLI options and behaviors (e.g., --force to kill active subagents, --no-backup, --purge, --cleanup-archive, --dry-run semantics) and shows shell snippets using /root/.openclaw, but the Python script does not implement or honor several of these flags and behaviors. The script's main code path effectively performs a 'quick_clean' (backup, rewrite sessions.json keeping only main, archive *.jsonl) and ignores flags like --force, --dry-run, and does not perform forced termination or purge logic. There is also a mismatch between SKILL.md examples that use /root/.openclaw and the script which uses Path.home() (user home) and the environment variable OPENCLAW_AGENT — this could cause surprising behavior or confusion about which agent is targeted. These inconsistencies could cause destructive operations to run unexpectedly or give a false sense of safety (e.g., users believing --dry-run will prevent changes).
Install Mechanism
No install spec; the skill is delivered as files and an instruction-only wrapper. Nothing is downloaded at install time and no external packages are pulled in.
Credentials
The skill requests no environment variables or credentials; the script optionally reads OPENCLAW_AGENT (reasonable for selecting an agent). It operates on files under ~/.openclaw which is appropriate for a session-cleaner and does not request unrelated secrets or config paths.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills or system-wide settings. It acts on per-user OpenClaw agent data under the user's home directory. The agent-autonomous-invocation default is unchanged and is not a unique risk here.
What to consider before installing
This skill appears to implement a session-cleaner for OpenClaw agents, but the documentation and the code diverge: SKILL.md promises many flags and behaviors (dry-run, force termination, purge, no-backup, cleanup-archive) that the script does not actually honor — the script mainly performs a quick-clean (backup, rewrite sessions.json keeping only the main session, and move session files to archive). Before installing or running: (1) review the script source yourself or in a safe environment; (2) run it with a dry-run or on a copy of ~/.openclaw to confirm actual behavior; (3) be careful with --all or running as a privileged user since it iterates agent directories and will modify multiple agents' session data; (4) note SKILL.md examples reference /root/.openclaw while the script uses the current user's home and OPENCLAW_AGENT — ensure paths and user context are correct; (5) if you need the missing behaviors (true dry-run, force termination, purge), request or implement them explicitly rather than relying on the role described in the documentation.
Like a lobster shell, security has layers — review code before you run it.
