Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Compress

v1.0.0

Compress text semantically with iterative validation, anchor checksums, and verified information preservation.

by Iván (@ivangdavila)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious, medium confidence
Purpose & Capability
The name and description (semantic compression with validation) align with the SKILL.md and companion docs. However, the docs explicitly cover compressing 'System Prompts' and recommend keeping imperatives intact and compressing examples aggressively — compressing system prompts is a sensitive operation and not an ordinary feature of a general-purpose compressor. The skill also references running shell-style checks (diff, extract_entities) without declaring required binaries; this is a mild mismatch between declared requirements (none) and advised runtime operations.
Instruction Scope
Instructions go beyond pure text transformation guidance: they (a) recommend compressing system prompts (sensitive), (b) show shell commands (diff <(...)>, extract_entities) that imply file I/O and command execution, and (c) advise using a different model for reconstruction and storing 'decompression prompts' / mapping tables. These behaviors can legitimately support validation, but they also enlarge the attack surface (smuggling instructions into compressed blobs, reconstructing hidden payloads, or using alternate LLM endpoints). The presence of a 'system-prompt-override' injection pattern in the SKILL.md increases concern that the guidance could be used to alter assistant/system behavior.
Install Mechanism
No install spec and no code files — instruction-only skill. That minimizes risk from arbitrary installs or downloaded executables. The validator scanner had no code to analyze, so there is no binary or archive risk here. The primary risk is from following the prose instructions at runtime.
Credentials
The skill requests no environment variables, credentials, or config paths, which is proportionate. Caveat: the docs suggest using separate models for reconstruction and storing mapping/decompression prompts; if an implementation binds those steps to external LLM endpoints or stores decompression prompts in external services, credentials would become relevant — but none are requested here.
Persistence & Privilege
always:false and no install-time persistence or privileged modifications are requested. The skill does not request to modify other skills or system settings. Autonomous invocation is allowed by default (not changed here); combined with the instruction content this increases potential impact but does not by itself indicate improper privilege requests.
Scan Findings in Context
[system-prompt-override] unexpected: The skill includes a 'System Prompts' section and guidance for compressing system prompts. The scanner flagged a system-prompt-override pattern in SKILL.md — compressing or manipulating system prompts can be legitimate for storage/efficiency, but the pattern may indicate an attempt to craft compressed blobs that alter model/system behavior when decompressed. This is relevant and non-trivial; treat with caution.
What to consider before installing
This skill is coherent for semantic compression, but proceed carefully. Before installing or using it:
1) Do not compress or store safety-critical or secret system prompts, credentials, legal/medical/financial figures.
2) Review and control where decompression prompts, mapping tables, and any 'decompression' artifacts will be stored — avoid sending them to untrusted external services.
3) If the agent environment can execute shell commands or call alternate LLM endpoints, restrict those capabilities or audit the exact commands/endpoints used (the docs reference diff and extract_entities).
4) Test the skill on innocuous, non-sensitive data first to verify it doesn't alter system prompts or leak information.
5) If you need to compress system prompts, prefer manual review and explicit, auditable tooling rather than automated compression that can hide instructions.
If you want, I can highlight the exact sentences in the SKILL.md that triggered the injection flag and suggest safer wording.

Like a lobster shell, security has layers — review code before you run it.

latest vk97cw6wgpa8w52y9cpf4atj8kx813d6t
