Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Subagent Distiller
v3.0.1自动增量提取对话中的结构化知识,智能过滤无用信息,动态聚类主题,支持状态追踪和长期价值沉淀。
⭐ 0· 305·2 current·2 all-time
byPeng Shu@mashirops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (incremental distillation of conversation memory) aligns with the included scripts: incremental_slice.py reads session jsonl and produces slices, realtime_distill.py prepares extraction tasks and finalizes cards, domain_consolidate.py merges domains, lifecycle_manager.py manages reminders, and bulk_cleanup.py re-evaluates/archives cards. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md and scripts instruct the agent/operator to read conversation session files, create slices, generate extraction tasks, and rely on a 'main agent / sessions_spawn' subagent to run the prompts — meaning raw conversation content will be sent to whatever model/process handles those tasks. bulk_cleanup.py can archive (move) many topic files (requires explicit --exec to perform deletes), and crontab instructions schedule automatic runs. Also note a minor inconsistency in SKILL.md's example git clone URL (github.com/yourname/...) vs package.json repository (github.com/openclaw/...), which should be clarified before installing.
Install Mechanism
No install spec or remote downloads; this is instruction-and-script based. No brew/npm/remote archive downloads are performed by the repo itself. Scripts operate on local files only.
Credentials
The skill requests no environment variables or credentials (proportional). However all scripts use hard-coded absolute paths under /home/aqukin/.openclaw/workspace and related dirs — you must adjust those to your environment. The scripts read session logs (sensitive conversational data) and write state, chunks, tasks, and topic files to disk; no external network endpoints are contacted by the scripts themselves.
Persistence & Privilege
Skill does not request always:true and does not modify other skills. It writes its own state and outputs to the workspace and memory directories (normal for this functionality). Cron instructions are suggested but are user-controlled (manual crontab edits).
Assessment
This skill appears internally coherent and implements what it claims, but take these precautions before installing/running:
- Backup your memory/topics and related workspace directories (the scripts will move/archive topic files and create/overwrite cards).
- Update the hard-coded paths (/home/aqukin/...) in the scripts to match your environment to avoid accidental edits in the wrong home directory.
- Confirm which agent/model/process will execute the extraction tasks (extraction_tasks.json / sessions_spawn). The system will send raw conversation slices to that processor, so ensure the model/endpoint is authorized and acceptable for processing sensitive data.
- Clarify the repository URL inconsistency in SKILL.md vs package.json and prefer obtaining the code from a trusted source (verify upstream repo/commit history).
- Run in a test environment first (or run incremental_slice and realtime_distill in dry-run / inspect-mode) to observe outputs before adding cron jobs or using bulk_cleanup --exec.
- Note: bulk_cleanup prints what would be deleted and requires --exec to perform moves, but review the printed list carefully before executing.
If you want, I can list the exact files/lines that reference hard-coded paths and suggest safe edits to make the skill use a configurable workspace path.Like a lobster shell, security has layers — review code before you run it.
latestvk971b129hhq1vrgtzn965ng0e182cjg3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.