v3.13.3

Context Compression

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:40 AM.

Analysis

This skill is mostly aligned with context compression, but it persistently rewrites session history and saves conversation-derived content into long-term memory, which deserves careful review before installation.

Guidance: Install only if you are comfortable with a background skill that can trim OpenClaw session history and save selected conversation content into long-term memory. Before enabling cron or hooks, confirm the target session paths, enable backups, review MEMORY.md regularly, and keep AI-assisted fact identification off unless you understand which OpenClaw profile/provider will process the content.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Cascading Failures
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
*/10 * * * * ~/.openclaw/workspace/skills/context-compression/truncate-sessions-safe.sh ... Reads `.jsonl` session files under `~/.openclaw/agents/*/sessions/`, trims each file

The documented cron workflow repeatedly trims session files across the OpenClaw agents session tree.

User impact: A bad configuration or truncation error could repeatedly rewrite multiple session histories, causing context or history loss across future sessions.
Recommendation: Use a narrow per-agent allowlist, keep backups before truncation, offer a dry-run mode, and make restoration steps clear before enabling cron.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: Medium; Status: Note
_meta.json
"version": "3.13.1"

The bundled metadata version differs from the supplied registry/SKILL version 3.13.3, and the registry source is listed as unknown.

User impact: Version and provenance mismatches make it harder to confirm exactly which package is being installed and reviewed.
Recommendation: Install only from a trusted registry entry, verify the package version, and prefer a release with consistent metadata and a declared source.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
identify-facts-enhanced.sh
openclaw agent --agent main --message "$prompt"

The optional enhanced fact identification runs through the user's main OpenClaw agent profile, which may use the user's normal provider configuration.

User impact: If enabled, session-derived content may be processed with the same account/provider context as the main agent.
Recommendation: Leave AI-assisted identification disabled unless needed, and if enabled, use a narrowly scoped agent/profile for summarization.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
identify-facts-enhanced.sh
result=$(openclaw agent --agent main --message "$prompt" --timeout $FACTS_TIMEOUT 2>&1) ... echo "$facts" >> "$MEMORY_FILE"

The script sends session-derived content to the main OpenClaw agent for fact extraction and then appends the result to MEMORY.md, making model output from prior conversation content persistent.

User impact: A misleading or malicious instruction inside a conversation could be converted into long-term memory and influence future agent behavior.
Recommendation: Require explicit user review before writing extracted facts to MEMORY.md, mark stored content as untrusted data, sanitize instruction-like text, and provide an easy way to audit and remove saved entries.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
identify-facts-enhanced.sh
TEMP_DIR="/tmp/openclaw-fact-identification" ... cp "$content_file" "$pending_file"

On failed AI fact extraction, the script copies session-derived content into a persistent /tmp pending file outside the OpenClaw workspace.

User impact: Private conversation content may remain on disk in a temporary directory longer than expected and outside the skill's documented memory files.
Recommendation: Store pending content under a protected workspace directory with restrictive permissions, document it clearly, and implement automatic expiry or deletion.