ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Context Optimizer

v1.0.0

Intelligently compresses and optimizes context to reduce token usage by 40-60%, using deduplication, pruning, summarization, and adaptive learning.

0· 1.3k·9 current·9 all-time
by@atlaspa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md align with the name: a local context compressor with learning, quotas, and a local dashboard. However the registry metadata claimed 'no required config paths' / 'instruction-only', while SKILL.md and the code explicitly store data under ~/.openclaw/openclaw-context-optimizer/ and include many source files (package.json, migrations, express, sqlite). That mismatch (metadata vs actual delivered files/behavior) is inconsistent and should be treated as surprising.
!
Instruction Scope
Runtime instructions and hooks modify request context, record feedback, and persist compression sessions/patterns. The skill also exposes local HTTP endpoints (dashboard and x402 endpoints) and instructs agents to autonomously subscribe via x402. Critically, the AGENT-PAYMENTS docs and IMPLEMENTATION_SUMMARY note the MVP 'trusts reported transaction hashes' (no on-chain verification), which allows an agent (or actor able to call the verify endpoint) to claim payment and obtain Pro access without real on-chain validation. The instructions also encourage giving agents wallet access so they can pay autonomously — a high-risk capability if not tightly controlled.
Install Mechanism
No explicit install spec was provided in registry metadata (skill treated as instruction-only), but a full Node project is included with package.json, migrations, and scripts. Installing/running will require npm deps (express, better-sqlite3) and will create files/DB locally. That is not inherently malicious, but the absence of a declared install step in metadata combined with included executable code is an incongruence worth calling out.
!
Credentials
The skill declares no required env vars, which is plausible, but it expects 'agent_wallet' values at runtime and can programmatically create payment requests and verify payments. If an agent is granted a funded wallet or permission to send txs, the skill enables autonomous spending (0.5 USDT/month) and license changes. The skill does not request cloud/API credentials, which is proportionate, but the ability to trigger payments and upgrade licenses without robust on-chain verification is disproportionate relative to a pure compression utility.
!
Persistence & Privilege
The skill registers lifecycle hooks (request:before, request:after, session:end) that automatically modify and persist context and stats. That's expected for this kind of tool, but combined with the autonomous x402 payment flow (and the 'trust tx hash' MVP behavior), it grants an agent a path to change its tier/quota and thus affect behavior/charges without human approval. always:false and normal autonomous invocation are okay on their own, but the payment/upgrade capability raises privilege concerns.
What to consider before installing
What to consider before installing: - Mismatch & file presence: Although registry metadata suggests 'instruction-only' and 'no config paths', this package contains a Node project that writes a SQLite DB and config under ~/.openclaw/openclaw-context-optimizer/. Expect on-disk storage and an HTTP dashboard on localhost (9092). - Autonomous payments: The skill enables agents to subscribe to a Pro tier (0.5 USDT/month) via a local x402 API. AGENT-PAYMENTS.md warns the MVP trusts reported tx hashes (no on-chain verification). If you give an agent wallet access, it could authorize payments or potentially claim payments without on-chain proof. Do not grant real wallet keys or signing capability to untrusted agents. - Least privilege: If you still want to use it, run it in an isolated environment (sandbox or container), and do not expose a funded wallet to autonomous agents. Prefer manual payment workflows or require explicit human confirmation for upgrades. - Audit & test: Review the included source (especially src/x402.js, src/index.js, and dashboard code) before running. Confirm whether verifyPayment does any on-chain RPCs, and if not, require that in production. Search for any network calls to remote hosts beyond localhost; monitor network activity during initial runs. - Backup & privacy: The optimizer stores compressed and original contexts locally. If your contexts contain sensitive data, treat the DB and config directory as sensitive and back them up/secure them accordingly. - If uncertain: mark this skill as suspicious and prefer a vetted alternative or request the maintainer to implement proper on-chain verification, explicit install instructions, and clearer metadata (declaring config paths and required permissions).

Like a lobster shell, security has layers — review code before you run it.

latestvk973ay16tcbhcmt1p00w63h4as811atk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
OSmacOS · Linux · Windows
Binsnode

Comments