ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Conserve Compression Strategy

v1.0.0

Analyze current context and recommend compression strategies for bloated or quota-heavy sessions

0· 61·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose (analyzing and recommending compression strategies) matches the tasks described (analyze /context, recommend strategies, estimate savings). However, the SKILL.md repeatedly reads/writes files under .claude (e.g., .claude/session-state.md, .claude/context-archive/) and invokes other platform capabilities (Skill(...) and Task tool) while the skill metadata declares no required config paths, credentials, or platform features. That discrepancy (file IO and inter-skill invocation not declared) is unexplained.
!
Instruction Scope
Instructions tell the agent to run platform commands (/context, /clear, /catchup), spawn agents (Skill(conserve:clear-context), Task tool), and read/write .claude/ files and archives. These operations go beyond a passive recommendation: they imply the agent will modify and persist session state. The SKILL.md does not limit or justify access to arbitrary .claude files, nor does it declare which exact paths it will read versus write.
Install Mechanism
No install spec and no code files are present; this is instruction-only so nothing will be downloaded or written at install time. That minimizes install-time risk.
Credentials
The skill requests no environment variables or external credentials, which is proportionate. However, it still performs file IO under a user-config directory; the lack of declared required config paths for those files is a mismatch the user should verify (i.e., the skill will read/write .claude/ even though no paths were declared).
Persistence & Privilege
always:false and no special privileges are requested. The skill instructs spawning agents and clearing context, which are normal platform operations but can be impactful (destructive /clear). There is no automatic permanent presence or config modification of other skills declared.
What to consider before installing
This is an instruction-only skill that mostly does what it says (analyze context and recommend compression strategies), but before installing or invoking it: 1) verify your platform supports the commands/tools it references (/context, /clear, /catchup, Skill(...) and Task tool); 2) confirm you are comfortable with the skill reading and writing files under .claude/ (it will save session-state and create context-archive files) — the skill metadata did not declare those config paths; 3) back up any important session data before allowing it to run /clear or similar destructive operations; 4) if you need stronger assurance, ask the publisher to explicitly declare the config paths and exact file IO behavior (read vs write), or provide a minimal test run mode that does not perform writes. If the author updates the metadata to declare .claude/* paths or documents sandboxing for file IO, the mismatch would be resolved and my confidence would increase.

Like a lobster shell, security has layers — review code before you run it.

latestvk97799gg5r2rswma6ys2271sdx84nde3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis

Comments