ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Context Compressor

v1.0.0

Compress OpenClaw session context to reduce token usage and extend session lifetime. Uses NLP summarization (Sumy) to intelligently compact conversation history while preserving essential context. Triggers on mentions of session compression, token reduction, context cleanup, or when session size exceeds safe thresholds (~300KB). Use when (1) OpenClaw approaches 50% context limit, (2) Sessions are slowing down due to large context, (3) Reducing API costs from excessive token consumption, (4) Extending session lifetime without forced reboots.

0· 838·1 current·1 all-time
by@beboxos
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (session compression) aligns with its code: scripts/compress.py reads/writes ~/.openclaw session files, makes backups, and writes compression stats. However, the README/SKILL.md claim automatic triggering on mentions or thresholds; the provided code is a manual CLI with no watcher/auto-trigger implementation. That mismatch between advertised automatic behavior and actual manual-only implementation is a functional incoherence.
!
Instruction Scope
SKILL.md and examples point directly at ~/.openclaw/agents/main/sessions/*.jsonl and instruct running the script which will rename the original file to filepath.backup and overwrite the session file. This is expected for a compressor, but it's destructive by design (overwrites session files) so users must rely on the .backup mechanism. SKILL.md claims triggers on mentions/thresholds and integrates into HEARTBEAT.md, but no code or service is provided to perform automatic triggering — the agent would need external orchestration. Also the NLTK download instructions in SKILL.md use 'punkt_tab' which appears incorrect (likely a typo), so following those instructions may fail and cause the script to fall back to truncation mode.
Install Mechanism
This is an instruction-only skill with no install spec — lowest risk for arbitrary downloads. It recommends installing Sumy and NLTK via pip in the README and SKILL.md (pip install sumy and an nltk.download call). Because the package installation is manual and standard (pip), there is low install risk. However, the NLTK token names in the instructions are incorrect ('punkt_tab'), which is a usability issue rather than a security one.
Credentials
The skill requests no environment variables or external credentials. It writes logs/stats to ~/.openclaw/workspace/memory/compression-stats.json and operates on ~/.openclaw/agents/main/sessions — these file operations are proportionate to the stated function of compressing session files.
Persistence & Privilege
Registry flags are default (always:false, user-invocable:true). The skill does not request permanent/autonomous privileges in its manifest and does not modify other skills' configurations. It does write backups and a stats file under the user's OpenClaw workspace, which is expected for its purpose.
What to consider before installing
This skill appears to be what it says (a session compressor) but has a few red flags and usability issues you should address before installing: - Test in dry-run mode first: run python3 scripts/compress.py --dry-run to preview changes. Do not run --apply until you are satisfied. - Inspect the backup behavior: the script renames the original session to filepath.backup and then writes the compressed file. Confirm .backup files are created and recoverable; verify behavior if a .backup already exists. - Fix the NLTK install instructions: SKILL.md uses nltk.download('punkt_tab'), which is likely incorrect. Use nltk.download('punkt') and nltk.download('stopwords') instead so Sumy works; otherwise the script falls back to truncation. - Language default oddity: the compressor defaults to lang='french' in code, which may produce poor summaries for English sessions. Change the default to match your session language or pass an option if you modify the script. - Automatic triggering claims are unsupported: SKILL.md states triggers on mentions/thresholds, but the package contains only a CLI. If you need automation, implement or review a separate watcher/orchestrator rather than assuming the skill will auto-run. - Review the code yourself (scripts/compress.py): it performs file I/O in your home directory but contains no network calls or secret harvesting. If you plan to run it from an automated agent, ensure only trusted agents can invoke it. - Backup retention: decide how long to keep .backup and compression-stats.json; consider storing backups externally if sessions are sensitive. If these checks and small fixes are acceptable, the tool is coherent for compressing OpenClaw session files. If you expect automatic/autonomous behavior, do not rely on this bundle as-is.

Like a lobster shell, security has layers — review code before you run it.

compressionvk97apzeh1f9yd3z3jr5ctfrcwx8105qdcontextvk97apzeh1f9yd3z3jr5ctfrcwx8105qdlatestvk97apzeh1f9yd3z3jr5ctfrcwx8105qdoptimizationvk97apzeh1f9yd3z3jr5ctfrcwx8105qdsessionvk97apzeh1f9yd3z3jr5ctfrcwx8105qdtokensvk97apzeh1f9yd3z3jr5ctfrcwx8105qd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments