Session tracking and OPENCLAW_SESSION preamble not gated by telemetry config

[hui-zheng]

Problem

Enterprise security scanners flag gstack installations due to strings in every generated SKILL.md preamble:

mkdir -p ~/.gstack/sessions
touch ~/.gstack/sessions/"$PPID"
_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
find ~/.gstack/sessions -mmin +120 -type f -exec rm {} + 2>/dev/null || true

[ -n "$OPENCLAW_SESSION" ] && echo "SPAWNED_SESSION: true" || true

These run regardless of the telemetry: off config setting. The telemetry config only gates remote data sending and local JSONL analytics, but session file creation, session cleanup via find, and the OPENCLAW_SESSION env var check are unconditional in the preamble.

At my company, a custom security rule monitoring for OpenClaw strings and suspicious find commands in shell initialization scripts triggered an alert, requiring investigation and remediation.

Current behavior

• scripts/resolvers/preamble.ts embeds session tracking and OPENCLAW_SESSION detection into every SKILL.md
• Setting telemetry: off in ~/.gstack/config.yaml does not disable these
• 765+ references across all generated SKILL.md files (every host variant × every skill)

Suggested improvement

1. Gate session tracking behind telemetry config — wrap mkdir/touch/find for ~/.gstack/sessions/ in the same _TEL != "off" guard used for analytics
2. Gate OPENCLAW_SESSION detection behind a config flag — or remove it from the preamble entirely since it's only relevant when running inside OpenClaw
3. Document what telemetry: off actually disables — current config comments imply it controls all data collection, but session files are still created on disk

This would let enterprise users set telemetry: off and have confidence that no session tracking artifacts are created on disk.

Workaround

Manually strip the patterns from all generated SKILL.md files after installation. This works but gets overwritten on gstack-upgrade.

[hui-zheng]

Note: After filing this, I found these closely related existing issues:

• Security audit: session directory scanning + telemetry transparency concerns #467 — Security audit covering the same session directory scanning + telemetry transparency concerns (closed, but the session tracking issue raised there appears unresolved)
• Telemetry consent text says 'no repo names ever sent' but omits that they're recorded locally #1080 — Local JSONL recording not gated by telemetry: off
• Undisclosed hourly GitHub network call in every skill preamble (update-check) #1081 — Update-check network calls not gated by telemetry config

This issue is essentially a real-world enterprise case of what #467 predicted — security tooling flagging the find ~/.gstack/sessions and OPENCLAW_SESSION patterns. Happy to close as duplicate if maintainers prefer to track under #467 or #1080.

[hui-zheng]

Closing as duplicate of #467 and #1080 which already track these concerns. This issue adds a real-world enterprise scanner trigger as additional evidence — see the cross-references above.

[hui-zheng]

Reopening — after checking upstream main, the session tracking and OPENCLAW_SESSION patterns are still present and ungated in scripts/resolvers/preamble/generate-preamble-bash.ts:

mkdir -p ~/.gstack/sessions
touch ~/.gstack/sessions/"$PPID"
_SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ')
find ~/.gstack/sessions -mmin +120 -type f -exec rm {} + 2>/dev/null || true

And in generate-spawned-session-check.ts:

[ -n "$OPENCLAW_SESSION" ] && echo "SPAWNED_SESSION: true" || true

#467 was closed as "partially addressed" — local JSONL writes were gated, but session file creation and OPENCLAW_SESSION detection were not. These are the specific patterns that trigger enterprise security scanners.

What's still needed:

1. Gate mkdir/touch/find for ~/.gstack/sessions/ behind _TEL != "off" (or a separate session_tracking config flag)
2. Gate or remove OPENCLAW_SESSION env var check from the default preamble
3. Gate gstack-timeline-log behind telemetry config

These are distinct from #1080 (local JSONL) and #1081 (update-check network calls) — this is about on-disk session file artifacts and string patterns that security tooling flags.

[jbetala7]

Opened PR #1188 to address the ungated preamble tracking and direct OPENCLAW_SESSION preamble string: #1188