Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Context Budgeting Pro
v1.0.0
Manage and optimize OpenClaw context window usage via partitioning, pre-compression checkpointing, and information lifecycle management. Use when the session...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill claims to manage context but the distributed artifacts reveal mismatches: the provided script invokes an 'openclaw' CLI and references a hard-coded workspace (/Users/yang/clawd), yet the registry metadata declares no required binaries or config paths. A context-budgeting tool plausibly needs an OpenClaw control mechanism, but the skill should declare that dependency and a configurable workspace path instead of embedding a specific user's path.
Instruction Scope
SKILL.md mandates creating/updating memory/hot/HOT_MEMORY.md and running the script to 'finalize compaction' and instructs removing large raw data after summarization. Those actions directly modify local session state and can cause loss of raw outputs if run incorrectly. The instructions also reference a 'Heartbeat' check and '/status' without specifying how to access that status endpoint or what privileges are required.
Install Mechanism
There is no install spec (instruction-only) which limits on-disk risk, but the included scripts/gc_and_checkpoint.sh will run locally and call external binaries. The lack of an install spec is not itself dangerous, but the script assumes the presence of an 'openclaw' command and a specific filesystem layout without declaring or installing them.
Credentials
The skill requests no environment variables or credentials, which superficially looks benign, but the script accesses a hard-coded absolute path and will read/write HOT_MEMORY.md under that workspace. This is disproportionate because the skill did not declare the need to access that path or the openclaw CLI; it therefore may unexpectedly touch user files. No secrets are requested, however.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It does invoke session compaction via the OpenClaw CLI which alters agent/session state — a legitimate action for this skill — but combined with the undeclared dependency and hard-coded path, it increases the risk of unintended state changes.
What to consider before installing
This skill appears to do what it says (manage context), but it contains unsafe assumptions and omissions. Before installing: (1) review and edit scripts/gc_and_checkpoint.sh — replace the hard-coded WORKSPACE with a configurable path and verify it points to the intended directory; (2) confirm the 'openclaw' CLI exists and is the correct binary, and add that as a declared dependency; (3) back up HOT_MEMORY.md and any large raw outputs — compaction can delete or permanently discard raw data; (4) test the script in a non-production environment to confirm behavior; (5) ask the author why no required binaries/config paths were declared and request explicit documentation for the heartbeat /status check; (6) if you cannot verify the script and its effects, do not run it with real sessions or sensitive data. These issues look like sloppy configuration rather than clearly malicious code, but they create an elevated risk of accidental data loss or unintended session changes.
Like a lobster shell, security has layers — review code before you run it.
