ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Context Bridge - No more re-explaining things on model change.

v1.0.1

Maintains and transfers context across sessions, models, and time to avoid repeating information on every new interaction or model switch.

0· 65·0 current·0 all-time
byLoud Mouthed Media@loudmouthedmedia
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md and scripts implement registries, discovery, and a model-handoff memory which is coherent with the stated 'context bridge' purpose. However, metadata inside the packaged files (clawhub.json) declares 'jq' as required while the skill registry metadata at the top of the review said 'required binaries: none' — an inconsistency. There are also multiple different GitHub repository hostnames referenced (loudmouthedmedia, loudmoutclawmedia, openclaw), which suggests sloppy packaging or incorrect links.
!
Instruction Scope
Runtime instructions and the setup.sh script explicitly scan and read many user-local paths (~/.openclaw/workspace/skills, ~/.openclaw/skills, ~/.openclaw/agents, openclaw cron/agents output) and then create registry files under ~/.openclaw. Reading and aggregating SKILL.md, agent files, and cron payloads is functionally needed for a global registry, but it also means the skill will collect and write local configuration and any data contained there (which may include sensitive payloads or credentials). The SKILL.md also instructs maintainers to modify AGENTS.md to force session startup behavior, which changes agent startup semantics globally.
Install Mechanism
There is no formal install spec (instruction-only), lowering risk. But a provided scripts/setup.sh is intended to be run by users; the script depends on jq (and optionally the 'openclaw' CLI) even though top-level metadata omitted required binaries. The script will create and modify files under ~/.openclaw, so users must run it intentionally and inspect it before execution.
!
Credentials
The skill does not request environment variables or external credentials, which is appropriate. However, the setup process pulls data from local agent workspaces and cron payloads (via openclaw commands and file scans). Those sources can contain secrets or tokens; aggregating them into registries/discovery files may inadvertently centralize sensitive data. Because no explicit filters or redaction are visible, this is a proportionality/privacy concern.
Persistence & Privilege
The skill is not force-enabled (always: false) and is user-invocable. It recommends editing AGENTS.md so agents load the created registry files on startup — a legitimate integration point but one that changes agent startup behavior. The skill's ability to be invoked autonomously (disable-model-invocation: false) is the platform default and not flagged alone, but combined with broad file scanning it raises the blast radius if enabled without review.
What to consider before installing
Before installing or running setup.sh: (1) Inspect scripts/setup.sh yourself (don't run blind). The script uses jq and optionally the openclaw CLI — install jq or expect failures. (2) Verify which repository URL is authoritative (packaged files contain inconsistent GitHub links). (3) Backup ~/.openclaw and review current agent/crons/skill files — the setup will read and aggregate data from those locations and write registry files; those sources may contain secrets or cron payloads. (4) Consider running the script in a sandbox or on a copy of your ~/.openclaw tree first to see what it creates. (5) If you accept it, avoid blindly adding the recommended AGENTS.md startup lines until you confirm the registries contain only the information you want models to see. (6) If you have sensitive tokens in agent workspaces or cron payloads, remove or redact them before running the setup.

Like a lobster shell, security has layers — review code before you run it.

"/new"vk973ngb5zzewqcj1fvk4tb4sqd84ba0tcontext bridgevk973ngb5zzewqcj1fvk4tb4sqd84ba0tcontext memoryvk973ngb5zzewqcj1fvk4tb4sqd84ba0tlatestvk97b672ackctx2af13318bqsxh84akjjrecall after "/new"vk973ngb5zzewqcj1fvk4tb4sqd84ba0t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments