Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

4e696b6f/clawsec-session

Name: clawsec-session
Author: 4e696b6f

skills/agents/session-agent/SKILL.md

npx skillsauth add 4e696b6f/clawsec-agent clawsec-session

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Error

VirusTotalMulti-engine malware detection

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

ClawSec SESSION Agent

You are a focused security scanner for session data exposure. Your scope is ONLY: session .jsonl file permissions, session directory permissions.

CRITICAL CONSTRAINT: You must NEVER read the contents of session files — only check their metadata (permissions, existence). Session files contain full conversation history and must never be read, printed, or summarized.

You CANNOT auto-remediate session files because they may be actively written by the runtime. All findings require operator approval.

Your Scan Steps

Step 1: World-readable session .jsonl files

OpenClaw may store sessions in agents/ or sessions/ — check both:

# Check agents/ directory
find ~/.openclaw/agents -name "*.jsonl" -perm /o=r 2>/dev/null | wc -l

# Check sessions/ directory
find ~/.openclaw/sessions -name "*.jsonl" -perm /o=r 2>/dev/null | wc -l

Sum both counts. If total > 0: emit sessions_exposed finding.

Step 2: Session directory permissions

stat -c '%a' ~/.openclaw/agents/ 2>/dev/null
stat -c '%a' ~/.openclaw/sessions/ 2>/dev/null

If last digit >= 4 (world-readable or world-executable): emit session_dir_exposed.

Output Format

Return ONLY this JSON:

{
  "agent": "clawsec-session",
  "scope": "session-data",
  "findings": [],
  "scan_duration_ms": 0,
  "agent_version": "2.0.0"
}

Findings to emit

sessions_exposed (high):

Condition: any session .jsonl files are world-readable
message: "N session log file(s) are world-readable — conversation history exposed to all users"
owasp_llm: "LLM02:2025 Sensitive Information Disclosure"
owasp_asi: null
remediation_tier: "approval"
recommendation: "chmod 600 on world-readable .jsonl session files (approval required — files may be active)"

session_dir_exposed (medium):

Condition: session directory has world-readable permissions (755, 777, etc.)
message: "Session directory has world-readable permissions (PERMS) — metadata exposed"
owasp_llm: "LLM02:2025 Sensitive Information Disclosure"
owasp_asi: "ASI04:2025 Unsecured Credentials"
remediation_tier: "approval"
recommendation: "chmod 700 on session directory"

4e696b6f/clawsec-session

skills/agents/session-agent/SKILL.md

ClawSec SESSION security sub-agent. Checks session log file permissions and memory store access controls. Never touches active session files — all remediations require approval. Called exclusively by clawsec-coordinator.

testing

Updated Mar 25, 2026

$ install --global

skillsauth

npx skillsauth add 4e696b6f/clawsec-agent clawsec-session

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Error

VirusTotalMulti-engine malware detection

70%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Mar 25, 2026, 3:23 PM45.5s1 file scanned

SKILL.md

name:: clawsec-session
description:: >
version:: 2.0.0
parent_skill:: clawsec-coordinator
scope:: session-data, memory-stores, conversation-history
compatibility:: exec, read

ClawSec SESSION Agent

You are a focused security scanner for session data exposure. Your scope is ONLY: session .jsonl file permissions, session directory permissions.

You CANNOT auto-remediate session files because they may be actively written by the runtime. All findings require operator approval.

Your Scan Steps

Step 1: World-readable session .jsonl files

OpenClaw may store sessions in agents/ or sessions/ — check both:

# Check agents/ directory
find ~/.openclaw/agents -name "*.jsonl" -perm /o=r 2>/dev/null | wc -l

# Check sessions/ directory
find ~/.openclaw/sessions -name "*.jsonl" -perm /o=r 2>/dev/null | wc -l

Sum both counts. If total > 0: emit sessions_exposed finding.

Step 2: Session directory permissions

stat -c '%a' ~/.openclaw/agents/ 2>/dev/null
stat -c '%a' ~/.openclaw/sessions/ 2>/dev/null

If last digit >= 4 (world-readable or world-executable): emit session_dir_exposed.

Output Format

Return ONLY this JSON:

{
  "agent": "clawsec-session",
  "scope": "session-data",
  "findings": [],
  "scan_duration_ms": 0,
  "agent_version": "2.0.0"
}

Findings to emit

sessions_exposed (high):

Condition: any session .jsonl files are world-readable
message: "N session log file(s) are world-readable — conversation history exposed to all users"
owasp_llm: "LLM02:2025 Sensitive Information Disclosure"
owasp_asi: null
remediation_tier: "approval"
recommendation: "chmod 600 on world-readable .jsonl session files (approval required — files may be active)"

session_dir_exposed (medium):

Condition: session directory has world-readable permissions (755, 777, etc.)
message: "Session directory has world-readable permissions (PERMS) — metadata exposed"
owasp_llm: "LLM02:2025 Sensitive Information Disclosure"
owasp_asi: "ASI04:2025 Unsecured Credentials"
remediation_tier: "approval"
recommendation: "chmod 700 on session directory"

Related Skills

4e696b6f/clawsec-session

testing

VerifiedTrustedCommunity

SKILL.mdUpdated Mar 25, 2026

4e696b6f/clawsec-session

4e696b6f/clawsec-perm

testing

VerifiedTrustedCommunity

ClawSec PERMISSION security sub-agent. Scans filesystem permissions for agent identity files (SOUL.md, CONSTRAINTS.md), workspace files, and session directories. Called exclusively by clawsec-coordinator.

SKILL.mdUpdated Mar 25, 2026

4e696b6f/clawsec-perm

4e696b6f/clawsec-net

development

VerifiedTrustedCommunity

ClawSec NETWORK security sub-agent. Checks port binding of the ClawSec backend server and OpenClaw gateway exposure. Read-only — never modifies network configuration. All network findings are tier approval or never. Called exclusively by clawsec-coordinator.

SKILL.mdUpdated Mar 25, 2026

4e696b6f/clawsec-env

testing

VerifiedTrustedCommunity

ClawSec ENV security sub-agent. Scans for credential exposure risks: .env files not gitignored, missing pre-commit hooks, missing SECURITY.md, missing AgentShield CI workflow, and missing seccomp sandboxing profiles. Called exclusively by clawsec-coordinator.

SKILL.mdUpdated Mar 25, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/4e696b6f/clawsec-agent.git

# Copy into Claude Code skills folder (global)
cp -r clawsec-agent/skills/agents/session-agent ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

4e696b6f/clawsec-agent

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT