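Feeding files to sub-agents more safely: sessions_spawn inline attachments + red-line-level redaction
Scenario: you need to hand images, configuration, or data to a sub-agent along with sessions_spawn. Prerequisites: you can call sessions_spawn and understand the cleanup policy. Steps: pass attachments (base64/utf8) → read receipt.relDir → the sub-agent consumes files according to the manifest → automatic cleanup when the task ends. Key mechanisms: content is redacted before it is stored, base64 is strictly validated, and writes are atomic with rollback. Verification: the sub-agent can read the attachments and the transcript does not leak their content. Risks: oversized files or invalid encodings are rejected.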
Source: GitHub | Discovered: 2026-02-15 | Author: napetrov
Prerequisites
- You can run `sessions_spawn` workflows and inspect tool results.
- Attachment producers can provide UTF-8 or base64 payloads with explicit filenames.
Steps
- Send attachments in the `sessions_spawn` request and keep file sizes within policy limits.
- Read the spawn receipt (`count`, `files`, `relDir`) and pass `relDir` to the child task logic.
- Process files from the canonical attachment directory; rely on the manifest hashes for integrity checks.
- Use a cleanup policy (`cleanup=delete` etc.) so attachment directories are removed after finalize.
Commands
- `openclaw help`
- `openclaw gateway status`
Verify
Child session can access files under `.openclaw/attachments/<uuid>/`, and transcript logs redact attachment content fields.
Caveats
- Never rely on user-provided paths; only consume canonical `relDir` from tool receipt.
- Attachment policy knobs (max files/bytes) may vary by deployment config (needs verification).
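The child-side checks from the steps and caveats above, as an added example that is not OpenClaw's own code: it accepts only a `relDir` that resolves under `.openclaw/attachments/` and verifies each file against its manifest hash before use. The receipt entry shape (`name`, `sha256`), the use of SHA-256, and a workspace-relative `relDir` are assumptions; the page names only `count`, `files`, and `relDir`.

```python
import hashlib
import tempfile
from pathlib import Path

ATTACH_ROOT = Path(".openclaw/attachments")  # canonical root named on the page


def consume_attachments(workspace, receipt):
    """Return {name: bytes} for receipt files, refusing anything outside relDir."""
    root = (Path(workspace) / ATTACH_ROOT).resolve()
    rel_dir = (Path(workspace) / receipt["relDir"]).resolve()
    # relDir must be a strict child of the canonical attachment root.
    if root not in rel_dir.parents:
        raise ValueError("relDir escapes the attachment root")
    files = receipt["files"]
    if receipt["count"] != len(files):
        raise ValueError("receipt count does not match file list")
    out = {}
    for entry in files:  # assumed entry shape: {"name": ..., "sha256": ...}
        name = entry["name"]
        path = (rel_dir / name).resolve()
        # Reject names with separators, '..', or symlinks pointing elsewhere.
        if Path(name).name != name or path.parent != rel_dir:
            raise ValueError(f"unsafe attachment name: {name!r}")
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != entry["sha256"]:
            raise ValueError(f"hash mismatch for {name!r}")
        out[name] = data
    return out


def make_sample(workspace):
    """Constructed sample: one attachment plus the receipt describing it."""
    rel = ATTACH_ROOT / "00000000-0000-4000-8000-000000000000"  # placeholder uuid
    (Path(workspace) / rel).mkdir(parents=True)
    body = b"mode: strict\n"
    (Path(workspace) / rel / "config.yaml").write_bytes(body)
    entry = {"name": "config.yaml", "sha256": hashlib.sha256(body).hexdigest()}
    return {"count": 1, "files": [entry], "relDir": rel.as_posix()}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as ws:
        print(consume_attachments(ws, make_sample(ws)))
```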
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.