Dynamic Session Context

The plugin's code and instructions match its stated purpose (injecting per-session prompts/skill hints and optional model/provider overrides), but there are a few metadata and operational details you should review before installing.

This plugin appears to do exactly what it says: detect a 'profile' from session keys/messages and prepend/append prompt fragments or return model/provider overrides. Before enabling it: 1) Review profiles.json (and any profilesPath you configure) — do not point profilesPath to sensitive system files and ensure profile systemPrompt entries do not contain secrets. 2) Check any provider/model names in profiles (e.g., 'xgjk-openapi') and make sure you trust those providers and that credentials for them are managed by the platform (plugin does not supply credentials). 3) Be aware logs are written to /tmp/dynamic-session-context-final.log and may include profile names and snippets of prompts; rotate/secure or disable logging if that is a concern. 4) Note the metadata omits the environment variables the plugin will read (OPENCLAW_SESSION_LABEL, DYNAMIC_SESSION_PROFILE) — this is a minor metadata mismatch, not functional maliciousness. If you need higher assurance, inspect the profiles.json content you will load and run the plugin in a controlled environment first.