session-logs
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive conversation transcripts stored in the
~/.openclaw/agents/<agentId>/sessions/directory. These files contain full historical records of past interactions. - [COMMAND_EXECUTION]: The skill provides numerous templates for executing shell commands such as
jq,rg,awk, andsortto process local session log files. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it reads and re-introduces historical conversation data into the agent's context. If a previous session contained malicious instructions, the agent could be influenced when analyzing those logs.
- Ingestion points: Local conversation data is ingested from JSONL files in
~/.openclaw/agents/<agentId>/sessions/. - Boundary markers: No specific boundary markers or safety instructions are defined in the command templates to isolate log content from active instructions.
- Capability inventory: The skill utilizes local file reading and shell-based data processing tools.
- Sanitization: No sanitization or filtering of the extracted text content is described or implemented.
Audit Metadata