Session History

Search and browse past conversation history across all sessions. Use when recalling prior work, finding old discussions, resuming dropped threads, or when th...

This skill legitimately reads your local OpenClaw session transcripts (~/.openclaw/agents/*/sessions/*.jsonl) and prints matching excerpts and file paths. Before installing, confirm you are comfortable granting the agent access to your local transcript files (they may contain sensitive data). Note the SKILL.md recommends summarizing results rather than pasting full transcripts — follow that guidance. Also verify your agent environment provides the referenced helper tools (sessions_history, read, memory_search) if you expect the workflow to use them. There are no network calls or secret requests in the code, so the main risk is local privacy exposure rather than external exfiltration.

Type: OpenClaw Skill Name: session-history Version: 1.0.0 The `scripts/search_sessions.py` file appears benign, performing its stated function of searching OpenClaw session transcripts within expected directories (`~/.openclaw/agents/*/sessions/`) without evidence of malicious intent or direct vulnerabilities like path traversal or arbitrary code execution. However, the `SKILL.md` file contains an instruction for the AI agent: 'If `sessions_history` doesn't work (old/closed sessions), read the JSONL file directly with `read`'. While the script itself outputs paths strictly within the OpenClaw session directories, this explicit instruction to use a generic `read` tool, combined with the script outputting full file paths, introduces a prompt injection vulnerability. An attacker could potentially leverage this instruction to trick the agent into reading arbitrary sensitive files if they can manipulate the agent's context or subsequent prompts, even if the initial paths from the script are safe. This constitutes a risky capability without clear malicious intent, classifying it as suspicious.