ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Context Slimming

v1.0.2

Diagnose and optimize an OpenClaw agent workspace's injected context files (AGENTS.md, SOUL.md, USER.md, MEMORY.md, TOOLS.md, HEARTBEAT.md, etc.) to reduce p...

0· 55·0 current·0 all-time
byGong Cheng@scomper
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the runtime instructions: scanning, diagnosing, splitting, deduplicating, and committing workspace markdown files. It requests no binaries, env vars, or installs, which is proportionate to the claimed purpose.
!
Instruction Scope
Instructions include file-system operations (wc, cat, moving content into scripts/, deleting BOOTSTRAP.md/IDENTITY.md, and git commit). Those actions are consistent with slimming, but are potentially destructive; references and the wenyan patterns also contain phrases (e.g., '先斩后奏', '不请示,直接做') that encourage acting without permission. The skill does not perform network exfiltration, but it does instruct deletions and automated commits — this requires human review and backups before execution.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest install risk.
Credentials
No environment variables, credentials, or config paths are requested. The scope of requested access (editing top-level workspace files) is proportionate to the stated goal.
Persistence & Privilege
always is false and autonomous invocation is allowed by default. The skill's instructions modify workspace files and commit changes — a normal capability, but high-impact. The combination of autonomous invocation + destructive edits would be risky if left unreviewed; require manual approval or run on a copy/branch.
Scan Findings in Context
[ignore-previous-instructions] expected: The string flagged by the scanner appears in the checklist as an example of template/prompt-injection text that should be removed. Context shows it's being recommended for deletion (not used to override instructions), so the finding is plausible and expected for this skill's purpose, but remains a reminder to check for other prompt-injection artifacts.
What to consider before installing
This skill is coherent for reducing injected token size, but it instructs destructive edits (deleting files, moving content, git commit) and contains language that may encourage acting without consent. Before running: 1) Make a full backup or operate on a cloned workspace/branch. 2) Run the scanning/diagnosis steps read-only first (wc/cat) and review suggested edits as diffs. 3) Reject any automated deletion/commit without human review. 4) Watch for wording that implies 'act before asking' and ensure you only allow operations you explicitly approve. If you need to automate, restrict the agent to a sandbox copy and require human confirmation for destructive steps.
!
references/checklist.md:35
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk974d39tphswftp4emdp7jc64s8412fw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments