← Back to Skills Marketplace
Session Cleanup
by
xaiohuangningde
· GitHub ↗
· v1.0.0
594
Downloads
0
Stars
7
Active Installs
1
Versions
Install in OpenClaw
/install session-cleanup
Description
定期清理过期会话,评估并保存有价值信息,自动清理无价值会话。
Usage Guidance
Do not install or schedule this skill as-is. The implementation and docs disagree: the README promises evaluating and saving valuable sessions but the shipped script simply removes files (and targets /root/.openclaw). Before using consider: 1) fix the WORKSPACE to use the appropriate user home (e.g., $HOME/.openclaw) or accept a directory argument; 2) implement or remove the promised 'value evaluation and saving' step if you expect retention; 3) add a dry-run mode, whitelist/blacklist, and explicit confirmation before deletion; 4) log and save backups of deleted files (or move to a quarantine folder) to avoid permanent loss; 5) test as a non-root user on a sample dataset; 6) review and correct the cron installation approach rather than blindly adding a weekly root cron. If you cannot verify these changes, consider the skill unsafe because it can delete important session data unexpectedly.
Capability Analysis
Type: OpenClaw Skill
Name: session-cleanup
Version: 1.0.0
The skill bundle is classified as suspicious due to the `cleanup.sh` script performing `rm -f` operations on files within the OpenClaw workspace, which is hardcoded to `/root/.openclaw`. While the script's purpose is legitimate file cleanup, running such a script with implied root privileges (operating in `/root`) introduces a risk of arbitrary file deletion via symlink attacks if an attacker could place a malicious symlink in one of the targeted directories. This represents a risky capability without clear malicious intent.
Capability Assessment
Purpose & Capability
SKILL.md claims the skill will 'evaluate session value and save important information' (关键词评估并保存到记忆). The shipped cleanup.sh performs only time-based deletions (rm) under a hard-coded WORKSPACE (/root/.openclaw) and does not implement any keyword matching, evaluation, or saving. Also SKILL.md references ~/.openclaw paths and a run.sh for cron, while the script uses /root/.openclaw — this mismatch indicates the implementation does not match the stated purpose.
Instruction Scope
The runtime script deletes files from multiple application directories (cron runs, delivery-queue, telegram, subagents, memory temp files, backups) using find + rm without content inspection or backups. It operates on /root/.openclaw (not the user's home as SKILL.md implies). There are no safeguards (dry-run, whitelist, confirmation) and no implementation of the 'save valuable sessions' step; this is scope creep toward destructive cleanup without the promised data preservation.
Install Mechanism
No install spec is provided (instruction-only with an included script). That minimizes install-time risk since nothing is downloaded or extracted, but the presence of an executable cleanup.sh means the script will run on the host when invoked or scheduled.
Credentials
The skill declares no required environment variables or credentials, yet cleanup.sh uses a fixed /root/.openclaw path. This hard-coded root path implicitly assumes elevated privileges or a root user environment and is disproportionate to the stated task (which described operating on the user's ~/.openclaw). No justification is provided for operating as root or for deleting across multiple data directories.
Persistence & Privilege
always is false (good). skill.json includes a cron field (0 3 * * 0) and the SKILL.md advises adding a cron job; if installed as-is and scheduled with root privileges this script will run weekly and perform deletions automatically. The skill does not modify other skills' configs but its action is destructive and could run autonomously if scheduled.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install session-cleanup - After installation, invoke the skill by name or use
/session-cleanup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of session-cleanup skill.
- Periodically scans session directories, detects expired sessions, and evaluates their value.
- Saves valuable sessions based on keyword matching; automatically deletes sessions deemed irrelevant.
- Supports multiple session sources: cron runs, delivery queue, Telegram, and subagents, each with customized expiration rules.
- Generates a cleanup report after each run.
- Can be run manually or scheduled weekly with cron.
Metadata
Frequently Asked Questions
What is Session Cleanup?
定期清理过期会话,评估并保存有价值信息,自动清理无价值会话。 It is an AI Agent Skill for Claude Code / OpenClaw, with 594 downloads so far.
How do I install Session Cleanup?
Run "/install session-cleanup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Session Cleanup free?
Yes, Session Cleanup is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Session Cleanup support?
Session Cleanup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Session Cleanup?
It is built and maintained by xaiohuangningde (@xaiohuangningde); the current version is v1.0.0.
More Skills