Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Compaction UI Enhancements

v2.3.0

Background memory compaction with auto-trigger, chat summary paragraph, configurable threshold, model selector, settings tab, and result storage for OpenClaw...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the code: UI widgets, auto-trigger logic, RPC handlers, and config storage are all consistent with a memory compaction feature. The files only touch agent/session data, model selection, and local config storage—capabilities expected for this feature.
Instruction Scope
SKILL.md states compaction runs in background with toast notifications and 'no blocking modal', but the included UI patch (context-gauge-ui.diff) actually renders a full-screen fixed overlay/modal for manual compaction phases. That contradicts the stated non-blocking behavior and the 'Full Background Isolation' claim. Also the skill injects extra instructions into the compaction LLM call (adds a Conversation Summary paragraph) and optionally persists LLM-generated summaries to disk; both are within feature scope but are important privacy/behavior changes that the user should explicitly approve.
Install Mechanism
No install spec or external downloads. The package is instruction/code-only and uses local imports. No remote artifacts or unusual install mechanisms are present.
Credentials
The skill declares no required environment variables. The server RPC code references process.env.OPENCLAW_WORKSPACE and process.env.HOME as workspace fallbacks — normal and non-sensitive. The settings UI allows selecting custom models (which implicitly requires provider API keys), but the skill does not demand any unrelated credentials. Persisting compaction results to {agentDir}/compaction-config.json can store conversation summaries when enabled; users should consider this privacy tradeoff.
Persistence & Privilege
always: false. The skill writes its own compaction-config.json under the agent directory and updates session store counts as part of compaction — expected for this functionality. It does not modify other skills' configs. However, it does invoke the embedded compaction runner on the server side (compaction runs may call provider LLMs), which increases the reach of the feature; combined with stored summaries this raises privacy considerations.
What to consider before installing
This package appears to implement the advertised compaction UI features, but review before enabling:
1) UI behavior mismatch — the README claims purely background toasts and 'no blocking modal', yet the UI patch shows a full-screen overlay for manual compaction; ask the author to confirm intended UX.
2) Conversation summary injection — compaction will prepend a natural-language summary to compaction output and that text can be persisted to {agentDir}/compaction-config.json when 'Store Results' is enabled; if you are concerned about storing chat content, keep storage off.
3) Model selection — choosing a custom compaction model will use your existing auth chain and may require provider API keys; validate that you want compaction to run against external LLMs.
4) File writes — the skill reads/writes agent/session files and uses workspace paths (OPENCLAW_WORKSPACE/HOME); this is expected but verify the storage location and retention policy.
If these behaviors are acceptable and the modal vs toast inconsistency is resolved, the skill appears coherent; otherwise request the author clarify and adjust the UI/modal behavior before installing.
