← 返回 Skills 市场
150
总下载
0
收藏
0
当前安装
14
版本数
在 OpenClaw 中安装
/install openclaw-session-monitor
功能描述
Real-time OpenClaw session monitor that tails JSONL transcripts and pushes formatted updates to Telegram as a persistent background process. Use when asked t...
安全使用建议
This skill will continuously read your OpenClaw session files and send formatted session contents to a Telegram chat using a bot token you provide. Before installing: 1) Confirm you trust the skill's source and review the scripts (parser/sender/sessions) yourself; 2) Be aware the registry metadata omits required env vars (BOT_TOKEN, CHAT_ID) — you'll need to supply them in .env; 3) Treat the bot token as sensitive, use a dedicated bot and a private chat/group with limited membership, and rotate the token if it’s exposed; 4) Consider running the monitor in an isolated environment (separate VM/container) because transcripts can contain internal prompts, secrets, or system context; 5) If you only need one-off inspection, use the built-in sessions_list/sessions_history instead of this continuous monitor; 6) If you proceed, set SESSIONS_DIR to a restricted path and inspect the .env/.pid/log files permissions. If you want, I can point to exact lines in the code that read session files and send messages so you know what will be exfiltrated.
功能分析
Type: OpenClaw Skill
Name: openclaw-session-monitor
Version: 9.0.0
The skill implements a persistent background monitor that reads all agent session transcripts (.jsonl files) and transmits them to an external Telegram bot. While this behavior is aligned with the stated purpose of a 'live feed,' the capability to continuously exfiltrate full interaction logs—which may contain sensitive user data, secrets, or internal system context—to a third-party service is inherently high-risk. The implementation includes instructions in SKILL.md for establishing persistence via HEARTBEAT.md watchdogs and uses a custom parser (parser.js) to format and send data via the Telegram API (sender.js). There is no evidence of hidden malicious intent, but the broad data access and remote reporting functionality warrant a suspicious classification.
能力评估
Purpose & Capability
The name/description match the code: the bundle polls OpenClaw JSONL session files and sends formatted updates to Telegram. However the registry metadata lists no required environment variables or credentials, while SKILL.md and scripts/config.js clearly expect BOT_TOKEN and CHAT_ID (and optional AGENTS/SESSIONS_DIR). That metadata omission is an inconsistency the user should be aware of.
Instruction Scope
The runtime instructions and code read session directories (sessions.json and .jsonl files), parse and format chat content (including tool calls and some internal context), and push full/trimmed transcripts to an external Telegram chat. Although parser.js removes some known metadata markers, the monitor will still forward user/assistant messages and tool outputs — i.e., potentially sensitive content — to an external endpoint. The skill also instructs running a persistent background process (nohup/& and PID management).
Install Mechanism
There is no remote installer or download URL; the package contains Node.js scripts and uses only the Node standard library (https, fs, path). No external archive downloads or package installs were specified. Note: the registry shows 'instruction-only' but the bundle includes code files that will be placed on disk when the skill is installed.
Credentials
Functionally the skill only needs a Telegram BOT_TOKEN and CHAT_ID plus optional AGENTS/SESSIONS_DIR mapping; those are appropriate for the stated purpose. However the declared requirements (none) do not list these env vars, which is a mismatch. Also the skill reads session files under the user’s home (default ~/.openclaw/agents/main/sessions) and sessions.json; that grants access to potentially sensitive transcripts, so the credential/data access is high-impact even if small in number.
Persistence & Privilege
The skill writes a .pid file and is designed to run as a persistent background process; it does not request always:true and does not modify other skills or system-wide agent settings. Note: the platform default allows autonomous invocation; combining autonomous invocation with continuous external push notifications increases the blast radius — consider this when enabling the skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-session-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-session-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v9.0.0
v9 rewrite: multi-agent support, modular architecture, improved docs, .env-based config
v1.7.0
Strip boilerplate keep signal; fix pattern ordering to prevent metadata leak; remove magic numbers; clean all identifiers from docs
v1.6.0
Refactor: pattern table for user messages, dedupe overflow logic, simplify banner, fix subagent file read
v1.5.0
Clean system noise with consistent 「tag …」style; dynamic agent prefix; model header; freeze-on-overflow
v1.4.0
Cleaner display: strip internal context markers and timestamps; dynamic agent prefix for multi-agent; model name in session header; freeze-on-overflow buffer
v1.3.0
Show full model name in session header; freeze-on-overflow (no deletion, no duplicate content); add lifecycle triggers
v1.2.2
Add restart/stop/status commands with ready-to-use scripts; add trigger words for monitor lifecycle management
v1.2.1
Add Chinese and English trigger synonyms for better skill matching; fix tuning docs to match actual defaults
v1.2.0
Fix 6 bugs: file compaction offset reset, sender infinite retry loop (max 3), tagOrder for custom group names, HEARTBEAT_OK reply placeholder, clean comments
v1.1.0
Default poll 3s, merge window 1min, auto-split new message at 3000 chars, fix reply tag rendering
v1.0.3
Fix: reply_to tags were double-escaped, now render correctly as italic in Telegram HTML
v1.0.2
Fix management docs: use absolute paths to prevent cross-monitor PID conflicts on shared machines
v1.0.1
Fix: document heartbeat watchdog for agent exec sessions; fix edit-vs-send duplicate message bug; remove nohup from startup instructions
v1.0.0
Initial release: real-time agent session monitor with Telegram push. Polls JSONL transcripts, formats HTML updates, merges same-window messages via editMessageText. Zero dependencies.
元数据
常见问题
Session Monitor 是什么?
Real-time OpenClaw session monitor that tails JSONL transcripts and pushes formatted updates to Telegram as a persistent background process. Use when asked t... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 150 次。
如何安装 Session Monitor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-session-monitor」即可一键安装,无需额外配置。
Session Monitor 是免费的吗?
是的,Session Monitor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Session Monitor 支持哪些平台?
Session Monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Session Monitor?
由 jusaka(@jusaka)开发并维护,当前版本 v9.0.0。
推荐 Skills