ClawHub

Semantic Cache

v1.0.0

Semantic cache for LLM API calls using Redis. Caches responses by meaning, not exact match. Activate when the user wants to cache AI responses, reduce API co...

0· 119·0 current·0 all-time
by@rylinjames
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (node), npm dependencies (redis, openai), and required env vars (REDIS_URL, OPENAI_API_KEY) all match the stated goal of embedding queries, searching Redis vector index, and calling OpenAI on misses. The primary credential (REDIS_URL) is appropriate.
Instruction Scope
SKILL.md and the scripts limit actions to embedding text, searching/creating a Redis vector index, storing results, and calling OpenAI. The code does not read unrelated local files or exfiltrate data to unexpected endpoints. Caveats: the CLI commands and test/stress scripts use redis.keys and redis.del with the KEY_PREFIX and attempt to drop the index; if your Redis contains other keys with the same prefix or you misconfigure REDIS_URL, these commands could delete entries. The stress-test makes many OpenAI embedding requests (costly) and may create many keys during testing.
Install Mechanism
Installation is via normal npm packages (redis, openai) declared in package.json and package-lock.json; no downloads from arbitrary URLs or extractor installs. The package-lock shows many transitive dependencies (expected for these SDKs) — standard but increases the dependency surface.
Credentials
Required env vars (REDIS_URL, OPENAI_API_KEY) are necessary for Redis access and embedding/completion calls. Optional env vars used by the code (SEMANTIC_CACHE_THRESHOLD, SEMANTIC_CACHE_TTL) are reasonable configuration knobs. No unrelated secrets or system credentials are requested.
Persistence & Privilege
Skill does not request always: true and does not modify other skills or system-wide agent settings. It runs as a normal user-invocable tool. Note that autonomous invocation is allowed by default on the platform (not a fault of this skill).
Assessment
This skill appears to be what it claims, but take these precautions before installing/using it: (1) Point REDIS_URL to a Redis instance you control and preferably to a dedicated database/namespace so cache operations (keys, del, ft.dropIndex) don't remove unrelated data. (2) Be aware that running query/test/stress scripts will call OpenAI (embedding + completion) and can incur cost. (3) Use least-privilege credentials for Redis (ACLs or limited user) and rotate API keys as usual. (4) Run tests in a sandboxed/dev environment first to confirm key-prefix behavior and TTLs. (5) If you require stricter review, inspect the package-lock and installed transitive dependencies or run npm audit before deployment.

Like a lobster shell, security has layers — review code before you run it.

latestvk978y80enzvaf8h44b5znt74mh83k5rw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binsnode
EnvREDIS_URL, OPENAI_API_KEY
Primary envREDIS_URL

Install

Nodenpm i -g redis
Nodenpm i -g openai

Comments