Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Session Cleanup
v1.0.0定期清理过期会话,评估并保存有价值信息,自动清理无价值会话。
⭐ 0· 493·6 current·6 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
SKILL.md claims the skill will 'evaluate session value and save important information' (关键词评估并保存到记忆). The shipped cleanup.sh performs only time-based deletions (rm) under a hard-coded WORKSPACE (/root/.openclaw) and does not implement any keyword matching, evaluation, or saving. Also SKILL.md references ~/.openclaw paths and a run.sh for cron, while the script uses /root/.openclaw — this mismatch indicates the implementation does not match the stated purpose.
Instruction Scope
The runtime script deletes files from multiple application directories (cron runs, delivery-queue, telegram, subagents, memory temp files, backups) using find + rm without content inspection or backups. It operates on /root/.openclaw (not the user's home as SKILL.md implies). There are no safeguards (dry-run, whitelist, confirmation) and no implementation of the 'save valuable sessions' step; this is scope creep toward destructive cleanup without the promised data preservation.
Install Mechanism
No install spec is provided (instruction-only with an included script). That minimizes install-time risk since nothing is downloaded or extracted, but the presence of an executable cleanup.sh means the script will run on the host when invoked or scheduled.
Credentials
The skill declares no required environment variables or credentials, yet cleanup.sh uses a fixed /root/.openclaw path. This hard-coded root path implicitly assumes elevated privileges or a root user environment and is disproportionate to the stated task (which described operating on the user's ~/.openclaw). No justification is provided for operating as root or for deleting across multiple data directories.
Persistence & Privilege
always is false (good). skill.json includes a cron field (0 3 * * 0) and the SKILL.md advises adding a cron job; if installed as-is and scheduled with root privileges this script will run weekly and perform deletions automatically. The skill does not modify other skills' configs but its action is destructive and could run autonomously if scheduled.
What to consider before installing
Do not install or schedule this skill as-is. The implementation and docs disagree: the README promises evaluating and saving valuable sessions but the shipped script simply removes files (and targets /root/.openclaw). Before using consider: 1) fix the WORKSPACE to use the appropriate user home (e.g., $HOME/.openclaw) or accept a directory argument; 2) implement or remove the promised 'value evaluation and saving' step if you expect retention; 3) add a dry-run mode, whitelist/blacklist, and explicit confirmation before deletion; 4) log and save backups of deleted files (or move to a quarantine folder) to avoid permanent loss; 5) test as a non-root user on a sample dataset; 6) review and correct the cron installation approach rather than blindly adding a weekly root cron. If you cannot verify these changes, consider the skill unsafe because it can delete important session data unexpectedly.Like a lobster shell, security has layers — review code before you run it.
latestvk974b1vvpa4e3rz47yvm8tpzn1823be4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.