ClawHub

Shadows Context Optimizer

v1.1.0

Token and context window optimization — compact prompts, reduce redundancy, prioritize critical context. Use when hitting context limits or to improve agent...

0· 219·0 current·0 all-time
by@nakedoshadow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (context/token optimization) align with the guidance in SKILL.md: compacting prompts, summarization, selective file reads, and subagent delegation are appropriate techniques for that purpose.
!
Instruction Scope
The PREREQUISITES and SECURITY CONSIDERATIONS sections assert the skill is 'advisory' and 'does not execute commands, read files, make network calls, modify configuration, or store data.' Yet the Techniques and Principles explicitly instruct the agent to 'Read file.py lines 45-80', 'grep specific directories', and 'spawn a subagent for codebase exploration.' Those operations involve accessing files and tools and could cause the agent to read or transmit data. The instructions are also somewhat open-ended (e.g., 'use subagents', '3-search maximum') giving the agent broad discretion about when and how to access data.
Install Mechanism
Instruction-only skill with no install spec and no code files — low installation risk (nothing is written/downloaded).
Credentials
The skill requests no environment variables, credentials, or config paths. Its listed requirements are proportional to its stated advisory purpose.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not request persistent presence or modify other skills' configs. Note: the SKILL.md encourages spawning subagents and changing agent behavior at runtime — autonomous invocation is platform-default, so this is not flagged alone but should be considered when enabling the skill.
What to consider before installing
This skill appears to be a sensible advisory guide for reducing token usage, but its documentation contradicts itself: it claims 'no file access' while telling the agent to read specific file ranges, grep directories, and spawn subagents. Before installing or enabling it widely, consider: 1) Do you trust the agent to read project files? If not, limit the agent's tool/file access or run the skill only in a sandboxed session. 2) Ask the publisher to clarify the contradiction and to provide explicit, safe patterns for file access (e.g., require explicit user approval before reading files). 3) Monitor/log file reads and network calls when you first use the skill. 4) If you want stricter control, keep the skill disabled by default and enable it only for sessions where selective file access and subagent spawning are acceptable.

Like a lobster shell, security has layers — review code before you run it.

latestvk971xyq7m2sd6b38rayqp6bsah82fxtm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
OSmacOS · Linux · Windows

Comments