Skill v0.31.0
ClawScan security
Trunkate AI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 17, 2026, 5:55 PM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and required environment variables are consistent with a context-compression client that sends session history to the Trunkate API — but it will transmit your history to an external service and relies on heuristic redaction that can be imperfect.
- Guidance
- This skill will read your OpenClaw session history file and send a filtered version to Trunkate's API (https://api.trunkate.ai) using the TRUNKATE_API_KEY you provide. That behavior is exactly what the skill claims to do, but it means potentially sensitive conversation content will leave your machine unless it is reliably redacted. The authors include a local redaction step and mechanisms for marking blocks as private ([PRIVATE] or [KEEP]), but redaction is based on regex heuristics (which can have false negatives and false positives). Before installing: 1) Confirm you trust trunkate.ai and are comfortable sending session history to an external service. 2) Avoid placing highly sensitive secrets in history, or explicitly mark them with [PRIVATE] / [KEEP]. 3) Review and test the redaction logic on representative histories to see whether it removes the kinds of secrets you care about. 4) If you do not want automatic transmissions before every LLM call, do not enable the PreRequest hook (or raise TRUNKATE_THRESHOLD). 5) Protect your TRUNKATE_API_KEY like any other secret and monitor API key usage for unexpected calls.
Review Dimensions
- Purpose & Capability
- ok: The name/description (semantic context optimization) aligns with the code and instructions. Required binaries (python3) and env vars (TRUNKATE_API_KEY, OPENCLAW_HISTORY_PATH, OPENCLAW_CURRENT_TOKENS, OPENCLAW_TOKEN_LIMIT) are appropriate for the stated purpose.
- Instruction Scope
- note: The SKILL.md and hook scripts explicitly instruct the agent to read the OpenClaw session history file and (when the threshold is met) POST a filtered copy to api.trunkate.ai/optimize, then emit OPENCLAW_ACTION:SET_HISTORY. This is within scope for a pruning/optimization tool but means full session text (minus locally-removed sections) is regularly transmitted to a third party.
- Install Mechanism
- ok: No high-risk installer or remote arbitrary download is used: the project is Python scripts and a requirements.txt (requests). SKILL.md documents a pip install step; there is no opaque external binary download. The runtime footprint is limited to Python and requests.
- Credentials
- note: Requested environment variables map to the skill's operation and are proportional. TRUNKATE_API_KEY is required and will be sent as a Bearer token to the external API (expected for a hosted service). Users should note that other secrets are not forwarded by the hook (pre_request.py whitelists only TRUNKATE_*, OPENCLAW_* and PATH), but the local redaction is heuristic and may miss sensitive items.
- Persistence & Privilege
- ok: The skill does not request always:true and will not auto-enable itself globally. It runs as OpenClaw hooks when registered, which is standard for this class of skill and not an elevated platform privilege.
