Skillv1.0.0

ClawScan security

Session Context Compressor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewFeb 12, 2026, 11:03 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches its stated purpose (compressing OpenClaw session files) but contains several incoherences and rough edges (claims of automatic triggers, odd defaults, and incorrect install instructions) that merit caution before use.
Guidance: This skill appears to be what it says (a session compressor) but has a few red flags and usability issues you should address before installing: - Test in dry-run mode first: run python3 scripts/compress.py --dry-run to preview changes. Do not run --apply until you are satisfied. - Inspect the backup behavior: the script renames the original session to filepath.backup and then writes the compressed file. Confirm .backup files are created and recoverable; verify behavior if a .backup already exists. - Fix the NLTK install instructions: SKILL.md uses nltk.download('punkt_tab'), which is likely incorrect. Use nltk.download('punkt') and nltk.download('stopwords') instead so Sumy works; otherwise the script falls back to truncation. - Language default oddity: the compressor defaults to lang='french' in code, which may produce poor summaries for English sessions. Change the default to match your session language or pass an option if you modify the script. - Automatic triggering claims are unsupported: SKILL.md states triggers on mentions/thresholds, but the package contains only a CLI. If you need automation, implement or review a separate watcher/orchestrator rather than assuming the skill will auto-run. - Review the code yourself (scripts/compress.py): it performs file I/O in your home directory but contains no network calls or secret harvesting. If you plan to run it from an automated agent, ensure only trusted agents can invoke it. - Backup retention: decide how long to keep .backup and compression-stats.json; consider storing backups externally if sessions are sensitive. If these checks and small fixes are acceptable, the tool is coherent for compressing OpenClaw session files. If you expect automatic/autonomous behavior, do not rely on this bundle as-is.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (session compression) aligns with its code: scripts/compress.py reads/writes ~/.openclaw session files, makes backups, and writes compression stats. However, the README/SKILL.md claim automatic triggering on mentions or thresholds; the provided code is a manual CLI with no watcher/auto-trigger implementation. That mismatch between advertised automatic behavior and actual manual-only implementation is a functional incoherence.
Instruction Scope: concernSKILL.md and examples point directly at ~/.openclaw/agents/main/sessions/*.jsonl and instruct running the script which will rename the original file to filepath.backup and overwrite the session file. This is expected for a compressor, but it's destructive by design (overwrites session files) so users must rely on the .backup mechanism. SKILL.md claims triggers on mentions/thresholds and integrates into HEARTBEAT.md, but no code or service is provided to perform automatic triggering — the agent would need external orchestration. Also the NLTK download instructions in SKILL.md use 'punkt_tab' which appears incorrect (likely a typo), so following those instructions may fail and cause the script to fall back to truncation mode.
Install Mechanism: noteThis is an instruction-only skill with no install spec — lowest risk for arbitrary downloads. It recommends installing Sumy and NLTK via pip in the README and SKILL.md (pip install sumy and an nltk.download call). Because the package installation is manual and standard (pip), there is low install risk. However, the NLTK token names in the instructions are incorrect ('punkt_tab'), which is a usability issue rather than a security one.
Credentials: okThe skill requests no environment variables or external credentials. It writes logs/stats to ~/.openclaw/workspace/memory/compression-stats.json and operates on ~/.openclaw/agents/main/sessions — these file operations are proportionate to the stated function of compressing session files.
Persistence & Privilege: okRegistry flags are default (always:false, user-invocable:true). The skill does not request permanent/autonomous privileges in its manifest and does not modify other skills' configurations. It does write backups and a stats file under the user's OpenClaw workspace, which is expected for its purpose.