Context Compactor

This package is largely coherent with a context-compression agent, but review a few things before installing: - Inspect integration.py and api_server.py to confirm whether any HTTP endpoints are exposed and whether they require authentication (Flask-based APIs often default to no auth). An unauthenticated API could leak conversation memory or compressed data. - Search the code for any outbound network calls (requests, urllib, socket, or subprocess calls that curl/wget) to ensure data is not silently sent to external hosts. If you find any external endpoints, verify they are legitimate and appropriate. - Confirm the service only reads OpenClaw workspace paths you expect (~/.openclaw/workspace). If you need tighter control, run the skill in an isolated environment (container or VM) or adjust file permissions and configuration to limit accessible paths. - Because SKILL.md suggests cloning a repository but the package already contains code, avoid running any git clone or install commands from untrusted URLs; use the included files instead or obtain the upstream source from a known homepage. Lack of a homepage / unknown source lowers trust and is why this is flagged. - If you allow the skill to auto-start or add cron/heartbeat entries, ensure you understand and control that integration (review heartbeats, cron entries) and monitor logs (logs/ directory) for unexpected behavior. If you want, I can scan integration.py and api_server.py for network calls and any hard-coded hosts/keys, or point out exact lines to review for authentication and outbound requests.