← Back to Skills Marketplace
150
Downloads
0
Stars
0
Active Installs
14
Versions
Install in OpenClaw
/install openclaw-session-monitor
Description
Real-time OpenClaw session monitor that tails JSONL transcripts and pushes formatted updates to Telegram as a persistent background process. Use when asked t...
Usage Guidance
This skill will continuously read your OpenClaw session files and send formatted session contents to a Telegram chat using a bot token you provide. Before installing: 1) Confirm you trust the skill's source and review the scripts (parser/sender/sessions) yourself; 2) Be aware the registry metadata omits required env vars (BOT_TOKEN, CHAT_ID) — you'll need to supply them in .env; 3) Treat the bot token as sensitive, use a dedicated bot and a private chat/group with limited membership, and rotate the token if it’s exposed; 4) Consider running the monitor in an isolated environment (separate VM/container) because transcripts can contain internal prompts, secrets, or system context; 5) If you only need one-off inspection, use the built-in sessions_list/sessions_history instead of this continuous monitor; 6) If you proceed, set SESSIONS_DIR to a restricted path and inspect the .env/.pid/log files permissions. If you want, I can point to exact lines in the code that read session files and send messages so you know what will be exfiltrated.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-session-monitor
Version: 9.0.0
The skill implements a persistent background monitor that reads all agent session transcripts (.jsonl files) and transmits them to an external Telegram bot. While this behavior is aligned with the stated purpose of a 'live feed,' the capability to continuously exfiltrate full interaction logs—which may contain sensitive user data, secrets, or internal system context—to a third-party service is inherently high-risk. The implementation includes instructions in SKILL.md for establishing persistence via HEARTBEAT.md watchdogs and uses a custom parser (parser.js) to format and send data via the Telegram API (sender.js). There is no evidence of hidden malicious intent, but the broad data access and remote reporting functionality warrant a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description match the code: the bundle polls OpenClaw JSONL session files and sends formatted updates to Telegram. However the registry metadata lists no required environment variables or credentials, while SKILL.md and scripts/config.js clearly expect BOT_TOKEN and CHAT_ID (and optional AGENTS/SESSIONS_DIR). That metadata omission is an inconsistency the user should be aware of.
Instruction Scope
The runtime instructions and code read session directories (sessions.json and .jsonl files), parse and format chat content (including tool calls and some internal context), and push full/trimmed transcripts to an external Telegram chat. Although parser.js removes some known metadata markers, the monitor will still forward user/assistant messages and tool outputs — i.e., potentially sensitive content — to an external endpoint. The skill also instructs running a persistent background process (nohup/& and PID management).
Install Mechanism
There is no remote installer or download URL; the package contains Node.js scripts and uses only the Node standard library (https, fs, path). No external archive downloads or package installs were specified. Note: the registry shows 'instruction-only' but the bundle includes code files that will be placed on disk when the skill is installed.
Credentials
Functionally the skill only needs a Telegram BOT_TOKEN and CHAT_ID plus optional AGENTS/SESSIONS_DIR mapping; those are appropriate for the stated purpose. However the declared requirements (none) do not list these env vars, which is a mismatch. Also the skill reads session files under the user’s home (default ~/.openclaw/agents/main/sessions) and sessions.json; that grants access to potentially sensitive transcripts, so the credential/data access is high-impact even if small in number.
Persistence & Privilege
The skill writes a .pid file and is designed to run as a persistent background process; it does not request always:true and does not modify other skills or system-wide agent settings. Note: the platform default allows autonomous invocation; combining autonomous invocation with continuous external push notifications increases the blast radius — consider this when enabling the skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-session-monitor - After installation, invoke the skill by name or use
/openclaw-session-monitor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v9.0.0
v9 rewrite: multi-agent support, modular architecture, improved docs, .env-based config
v1.7.0
Strip boilerplate keep signal; fix pattern ordering to prevent metadata leak; remove magic numbers; clean all identifiers from docs
v1.6.0
Refactor: pattern table for user messages, dedupe overflow logic, simplify banner, fix subagent file read
v1.5.0
Clean system noise with consistent 「tag …」style; dynamic agent prefix; model header; freeze-on-overflow
v1.4.0
Cleaner display: strip internal context markers and timestamps; dynamic agent prefix for multi-agent; model name in session header; freeze-on-overflow buffer
v1.3.0
Show full model name in session header; freeze-on-overflow (no deletion, no duplicate content); add lifecycle triggers
v1.2.2
Add restart/stop/status commands with ready-to-use scripts; add trigger words for monitor lifecycle management
v1.2.1
Add Chinese and English trigger synonyms for better skill matching; fix tuning docs to match actual defaults
v1.2.0
Fix 6 bugs: file compaction offset reset, sender infinite retry loop (max 3), tagOrder for custom group names, HEARTBEAT_OK reply placeholder, clean comments
v1.1.0
Default poll 3s, merge window 1min, auto-split new message at 3000 chars, fix reply tag rendering
v1.0.3
Fix: reply_to tags were double-escaped, now render correctly as italic in Telegram HTML
v1.0.2
Fix management docs: use absolute paths to prevent cross-monitor PID conflicts on shared machines
v1.0.1
Fix: document heartbeat watchdog for agent exec sessions; fix edit-vs-send duplicate message bug; remove nohup from startup instructions
v1.0.0
Initial release: real-time agent session monitor with Telegram push. Polls JSONL transcripts, formats HTML updates, merges same-window messages via editMessageText. Zero dependencies.
Metadata
Frequently Asked Questions
What is Session Monitor?
Real-time OpenClaw session monitor that tails JSONL transcripts and pushes formatted updates to Telegram as a persistent background process. Use when asked t... It is an AI Agent Skill for Claude Code / OpenClaw, with 150 downloads so far.
How do I install Session Monitor?
Run "/install openclaw-session-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Session Monitor free?
Yes, Session Monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Session Monitor support?
Session Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Session Monitor?
It is built and maintained by jusaka (@jusaka); the current version is v9.0.0.
More Skills