Alex Session Wrap-Up
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: alex-session-wrap-up
Version: 1.0.0

The skill is classified as suspicious due to a significant vulnerability in `scripts/session-wrap-up.sh`. The script explicitly adds and commits `*.env` files to the local Git repository and then pushes them to the remote origin. If these `.env` files contain sensitive API keys or credentials (which is highly probable, given the script loads them for LLM access) and the user's repository is public or becomes compromised, this action could lead to severe credential exposure. While this is a vulnerability rather than direct malicious intent to exfiltrate data to an unauthorized party, it poses a critical security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private changes or secrets in .env files could be committed and pushed to a remote repository unintentionally.
When invoked, the script automatically stages, commits, and pushes selected workspace files, explicitly including *.env, without showing a diff or requiring user confirmation.
git add *.md *.txt *.json *.sh *.yaml *.yml *.env
...
git commit -m "Auto-wrap-up: $(date -Iseconds)"
...
git push origin HEAD
Remove *.env from the add list, require an explicit user approval step after showing git status/diff, and make pushing opt-in rather than automatic.
The skill may use credentials from the local OpenClaw environment in ways users would not expect from the metadata, and those same .env files are also candidates for git staging in the script.
The script loads the local .env file and uses provider API keys, while the registry metadata declares no required env vars or primary credential. The code does not limit loading to only the keys it needs.
source "$WORKSPACE/../.env"
...
-H "Authorization: Bearer $OPENAI_API_KEY"
...
-H "Authorization: Bearer $OPENROUTER_API_KEY"
Declare the OpenAI/OpenRouter credentials in metadata, read only the specific variables needed, and avoid sourcing or staging broad .env files.
If the .env file contains unexpected commands or is tampered with, running the wrap-up script could execute those commands locally.
Using shell source on a .env file executes any shell syntax present in that file, rather than safely parsing only key-value assignments.
if [[ -f "$WORKSPACE/../.env" ]]; then
  set -a
  source "$WORKSPACE/../.env"
  set +a
fi
Replace shell sourcing with safe parsing of specific variables such as OPENAI_API_KEY and OPENROUTER_API_KEY.
Memory entries may contain private session details, and model-generated text saved to memory could influence later work if future sessions trust that memory.
The script reads recent memory entries, sends them to an external model provider when an API key exists, and appends the model response back into the memory file.
LEARNINGS=$(grep -E '^- ' "$MEMORY_FILE" ... | head -20 || true)
...
curl ... "https://api.openai.com/v1/chat/completions"
...
echo "$PATTERN_RESULT" >> "$MEMORY_FILE"
Review what is stored in memory before running, avoid including secrets in memory entries, and consider requiring confirmation before saving model-generated patterns.
