Leanctx Integration
v0.1.4Automatically compresses OpenClaw tool outputs to reduce token usage by 60-99%
⭐ 2· 98·0 current·0 all-time
byJack Keller@jackkeller
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (compress tool outputs to reduce tokens) align with included source (src/index.ts) which implements wrapRead and wrapExec hooks, local caching, and compression strategies. Required artifacts and configuration are consistent with an OpenClaw hook. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructs local interception of OpenClaw read/exec calls and editing openclaw.json to enable the hook; the source implements exactly this behavior. The SKILL.md explicitly declares 'local-only' operation and no external endpoints; the code contains no network calls and only uses local fs/crypto. Instructions do require editing OpenClaw config (expected for a hook).
Install Mechanism
No remote downloads or install spec in registry; there is an install.sh included which runs npm install in the skill directory. All dependencies referenced are standard (typescript, @types/node) and package-lock uses npm registry URLs. Small inconsistencies: package.json declares a bin entry ('leanctx') but no bin/leanctx file is present in the package; README/SKILL.md reference CLI usage (npx leanctx) that doesn't appear to be implemented. These are implementation issues but not indicators of malicious activity.
Credentials
Skill asks for no environment variables or external credentials. install.sh reads HOME and references the OpenClaw config file (~/.openclaw/openclaw.json) and creates a backup if the file exists — this is proportional to installing a local OpenClaw hook. No secrets/exfiltration mechanisms are present.
Persistence & Privilege
always:false (normal). The installer does not automatically modify system-wide settings — it prints instructions for adding the hook to openclaw.json and creates a local backup if the config is read. The skill does not try to modify other skills or global agent configuration programmatically.
Assessment
This skill appears to do what it says: locally compress OpenClaw 'read' and 'exec' outputs. Before installing, review and consider the following: 1) The installer only prints the configuration block and does not automatically inject it into your openclaw.json — you must edit that file yourself; install.sh will back up the config if it reads it. 2) The package advertises a CLI (npx leanctx / bin/leanctx) that is not present in the repository — some advertised features (npx CLI, metrics CLI) may be incomplete. 3) Compression is AST/text-based and will remove comments/whitespace and collapse function bodies for summaries — confirm you are comfortable with this local transformation of file contents (it does not send data anywhere). 4) There are minor code bugs/typos (e.g., Svelte script matching uses HTML-escaped tags) that could affect behavior; consider testing in a safe environment first. If you rely on precise outputs for any tooling or auditing, test thoroughly and review src/index.ts to ensure the compression rules meet your needs.Like a lobster shell, security has layers — review code before you run it.
latestvk97fxbd6zqz6qajw8qh7pvbj9d84a1ht
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📦 Clawdis