ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OC Context Optimizer

v1.2.0

Optimize conversation context by deduplicating, compressing messages, summarizing long chats, and parallelizing tool calls to save tokens and speed execution.

0· 72·0 current·0 all-time
byNarain@penghang1223
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (context optimizer) aligns with the included scripts: microcompact, auto_compactor, streaming_executor, token_budget, tool_defer — all implement token and context optimization features. However SKILL.md repeatedly states this is a system-level runtime optimizer that will be automatically invoked for all agents (system-wide, agent-unaware). The registry metadata and flags do not reflect any elevated installation or system-level entitlement, and no install spec is provided — that mismatch is unexplained.
!
Instruction Scope
SKILL.md instructs or implies invisible, automatic runtime invocation across agents (scope creep). The scripts operate on conversation messages and tool calls (expected) but also: (a) identify file paths mentioned in messages (auto_compactor._identify_preserved_files) which could collect references to local files; (b) persist state/config to disk (token_budget writes logs/token_budget_state.json under the skill repo root; tool_defer may write tool_defer_config.json). The instructions are broad about automatic, runtime-wide application without describing who or how to authorize that integration. That combination grants the skill potential to persist state and run without clear user consent.
Install Mechanism
There is no install spec (instruction-only skill with bundled Python scripts). That is the lower-risk model because nothing is fetched from external URLs. The code files are included in the skill bundle. No external downloads or obscure installers are present in the provided manifest.
Credentials
The skill declares no required environment variables or credentials (good). The tool_defer catalog references many external tool names (Feishu, oauth, browser, etc.) but does not request corresponding credentials. The budget and deferral components read/write files within the skill repo area which is proportionate to their functionality, but file path extraction from message contents could surface local pathnames mentioned in chats — consider whether that is acceptable in your environment.
!
Persistence & Privilege
Although the skill metadata does not request always:true or system privileges, SKILL.md asserts system-level, runtime-wide automatic invocation which contradicts the metadata. Several scripts persist state/config under the repository (token budget writes logs/token_budget_state.json; tool_defer writes tool_defer_config.json if missing). That gives the skill persistent on-disk state. The mismatch between claimed system-level integration and the actual manifest (no install steps) is concerning and should be clarified before granting system-wide deployment.
What to consider before installing
What to consider before installing / enabling: - Mismatch: The README (SKILL.md) says this should be installed system-wide and run automatically for all agents, but the skill package declares no install or privileged flags. Ask the author how this is expected to be integrated and whether explicit admin consent is required. - Persistence: The scripts create and update files (token budget state under logs/, tool_defer_config.json). If you enable this skill, it will leave on-disk state in the agent runtime area. Review and control where state files are written. - Data collection: auto_compactor scans message content for file-path-like strings and returns a list of 'preserved files'. That could surface local file paths mentioned in chats. If your teams discuss sensitive pathnames or secrets in messages, consider the privacy implications. - Autonomy and visibility: SKILL.md claims the optimizer is agent-unaware and automatically applied. Prefer running these scripts manually or in a sandbox first rather than allowing invisible, autonomous modification of conversation contexts. - Review & test: Because the bundle is instruction-only with code files included, review the full code (including truncated parts not provided here) and run the scripts in an isolated test environment to verify behavior. Look for any code paths that read arbitrary filesystem locations or make network calls (none were found in the reviewed fragments, but some files were truncated). - Deployment recommendation: Do not deploy system-wide or enable invisible/autonomous invocation until you (a) confirm how the runtime will integrate this skill, (b) review the remaining code that was truncated in the package, and (c) run the tools in a sandbox to confirm they only operate on the intended files/messages. If you want to use the functionality, prefer explicit, per-agent invocation or wrap these utilities in an audited integration with limited permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwvdt5mbnqps6vc5hqr4xvh840sxa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments