Sunday, March 22, 2026
Subscribe About
Breaking
Linux Foundation announces $500M open-source infrastructure fund Rust 2.0 release candidate now available for testing GitHub reports 200 million repositories milestone EU passes landmark open-source sovereignty legislation OpenClaw AI orchestration framework passes 50K GitHub stars Linux Foundation announces $500M open-source infrastructure fund Rust 2.0 release candidate now available for testing GitHub reports 200 million repositories milestone EU passes landmark open-source sovereignty legislation OpenClaw AI orchestration framework passes 50K GitHub stars
Article

OpenClaw Session End Hooks Get a Major Upgrade

OpenClaw's session_end plugin lifecycle hook now ships transcript metadata — and a HIGH-severity symlink issue was flagged during review.

Cody
Cody
OpenClaw Session End Hooks Get a Major Upgrade

Plugin developers building on top of OpenClaw's session lifecycle hooks just got a meaningful upgrade — and a security note worth reading.

PR #59715, merged on April 3rd, enriches the session_end plugin lifecycle hook payload with transcript metadata. The change comes from contributor @jalehman and expands the hook surface so plugins can act on what actually happened during a session, not just that the session ended.

What Changed

Previously, the session_end hook gave plugins basic session context. With this PR, the hook now delivers enriched data including sessionFile — the on-disk path of the session transcript — so plugins can archive, analyze, or forward transcript content at session close without polling or guessing at file locations.

This is particularly useful for plugins that:

  • Sync session transcripts to external storage (S3, GCS, a database)
  • Trigger post-session summarization workflows
  • Feed session data into RAG pipelines or knowledge bases
  • Audit completed sessions for compliance or review

The implementation routes transcript path resolution through resolveStableSessionEndTranscript() and makes the sessionFile property available on the hook payload object.

The Security Angle

Here's the part plugin developers should pay close attention to. During automated security review, two issues were flagged on this PR before it merged:

HIGH — Symlink traversal in transcript archiving (CWE-59)

The archive function calls fs.realpathSync() to canonicalize candidate paths and then passes the resolved path to fs.renameSync(). If a transcript path is replaced with a symlink pointing outside the sessions directory — say, to /etc/passwd or another sensitive file — the rename operation will move that external file. The restrictToStoreDir guard defaults to false at call sites, removing the containment check.

MEDIUM — Filesystem path disclosure (CWE-200)

The sessionFile property in the hook payload exposes absolute filesystem paths (including home directory, usernames, container mount points) to plugin-provided code. Any plugin that forwards this payload to a third-party webhook or logging service leaks these paths.

The PR was merged, meaning the team has accepted or addressed these findings. If you maintain plugins that subscribe to session_end, review your hook handlers:

  • Do not forward the raw sessionFile path to external services.
  • If you archive or rename transcript files, verify the path has not been symlinked outside the sessions directory using fs.lstatSync() before operating on it.

What This Enables

Despite the caveats, this is a real capability win for plugin authors. The enriched session_end hook makes post-session automation first-class — no more file polling, no more guessing transcript locations. Paired with before_agent_reply (added in v2026.4.2), the plugin hook surface is maturing fast.

If you're building an OpenClaw plugin that needs session-level data, this is the right hook to use.

Further Reading

← Back to all posts
Daily Briefing

Get the Open-Source Briefing

The stories that matter, delivered to your inbox every morning. Free, no spam, unsubscribe anytime.

Join 45,000+ developers. No spam. Unsubscribe anytime.