by 安全扫描
OpenClaw
安全
high confidenceThe skill's requirements and instructions are consistent with its stated purpose of persisting and restoring long-running task state; no unrelated credentials, installers, or network endpoints are requested.
评估建议
This skill appears to do what it says (save/restore a .task-state.json to resume long-running tasks). Before installing: 1) Verify the source (check the GitHub repo / ClawHub package owner) since README points to an external repo. 2) Inspect any example or existing .task-state.json files to see what 'context' they store; avoid saving secrets (API keys, passwords, private keys) into task state. 3) Limit file access (store the file under ~/.openclaw with restrictive permissions, e.g., chmod 600) o...详细分析 ▾
✓ 用途与能力
Name, description, and runtime instructions all focus on saving/restoring a .task-state.json file in the OpenClaw workspace to resume long-running tasks. There are no unrelated env vars, binaries, or install actions demanded — the declared capabilities match what is needed for this functionality.
ℹ 指令范围
SKILL.md explicitly instructs the agent to read/write ~/.openclaw/workspace-main/.task-state.json and to be invoked at session start (recommended insertion into AGENTS.md). This is in-scope for a resume feature, but the instructions do not mention any protections for sensitive data stored in the state file (encryption, redaction, or access controls), which means sensitive context could be persisted unintentionally.
✓ 安装机制
There is no install spec embedded in the skill (instruction-only). README suggests installing from ClawHub or cloning a GitHub repo; those are expected and do not embed arbitrary download/execution logic in the skill itself.
ℹ 凭证需求
The skill requests no credentials or special environment variables, which is appropriate. However, it persists 'context' fields that may contain file paths, config values, or intermediate results; storing such data locally can expose secrets if users or other processes can access the workspace file. The lack of guidance about redaction or file permissions is a proportionality concern to consider.
✓ 持久化与权限
The skill does not request elevated privileges, does not set always:true, and only recommends being invoked at session start. Its suggested behavior — reading/writing a state file in the user's OpenClaw workspace — is a normal level of persistence for this feature.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/2
Initial release: 4-phase checkpoint & recovery system for OpenClaw agents.
● 无害
安装命令 点击复制
官方npx clawhub@latest install session-resume
镜像加速npx clawhub@latest install session-resume --registry https://cn.clawhub-mirror.com
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制