Session Cleanup

Security checks across malware telemetry and agentic risk

Overview

This cleanup skill has a legitimate purpose, but it can automatically delete OpenClaw session, queue, Telegram, subagent, backup, and memory files without the safeguards its scope warrants.

Install only if you intentionally want unattended cleanup of OpenClaw operational and conversation data. Before enabling the cron schedule, review the exact paths, fix the missing run.sh reference, add a dry-run or quarantine mode, and back up any Telegram, subagent, delivery queue, memory, or backup files you may need.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill describes automatic cleanup but does not clearly warn that session and queue data may be deleted without interactive review. In a session-management context, this increases the chance of accidental loss of operational records, conversation history, or forensic evidence because users may not realize cleanup is destructive and scheduled.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill states it will evaluate session value and save valuable content to memory, including Telegram/session data, but does not disclose the privacy implications of inspecting and persisting conversation content. This is risky because sensitive personal, operational, or authentication-related information could be copied into long-term storage without informed consent or minimization controls.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal