
Security audit

subagent-archive

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenClaw session cleanup skill, but its destructive cleanup guidance is inconsistent enough that users should review it before installing.

Install only if you are comfortable with a skill that can modify OpenClaw session storage. Run the included script in dry-run first, prefer soft mode before enforce, explicitly set the workspace, review the planned targets, and do not copy the SKILL.md Step 5 cleanup snippet without adding an explicit enforce check.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The document says only active cron tasks should be protected, but the example logic skips every `:cron:` session unconditionally. That mismatch can prevent cleanup of expired cron sessions, causing stale session buildup and undermining the stated retention and archiving policy.

Intent-Code Divergence

High
Confidence: 97%
Finding
Step 5 claims deletion should only occur in explicit enforce mode, but the sample code performs hard deletion in the non-`soft` branch without checking for `dry-run` or `enforce`. If copied as written, an operator running a supposed dry-run could irreversibly delete session files.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill is presented as handling selected subagent sessions safely, but it invokes `openclaw sessions cleanup --fix-missing` at the agent scope. That broad operation can remove orphaned sessions beyond the user’s intended target set, increasing the chance of unintended cleanup and loss of recoverability.

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.