Langcache Semantic Caching for OpenClaw
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive prompts or responses, including credentials or personal data, could be stored in the semantic cache if the override is used, despite the documentation presenting the blocks as absolute.
SKILL.md says blocked categories are "blocked at the code level" and cache operations will refuse to store them, but this helper can override the block and persist otherwise-blocked content in LangCache.
--force) force=true ... echo "Warning: --force flag used, storing anyway (not recommended)"
Remove the force override for credentials/PII, or clearly document it as a privileged action requiring explicit user confirmation and audit logging.
An accidental or misunderstood delete/flush command could remove cached responses and cannot necessarily be undone.
The skill exposes user-directed cache mutation operations, including full cache flush. This is purpose-aligned and disclosed, but destructive if run accidentally.
./scripts/langcache.sh delete --id "<entry-id>" ... ./scripts/langcache.sh flush ... Clear all entries (use with caution)
Require explicit user confirmation before delete or flush operations, and prefer scoped deletes by entry ID or tightly bounded attributes.
The API key can authorize cache reads, writes, deletes, or flushes depending on its permissions.
The helper reads local LangCache credentials and sends the API key as a Bearer token to the configured LangCache host; this is expected for the service, but the registry metadata declares no required env vars or primary credential.
source "$SECRETS_FILE" ... -H "Authorization: Bearer ${LANGCACHE_API_KEY}"Use a least-privileged LangCache key scoped to the intended cache, store it securely, and update metadata to disclose the required environment variables.