Skill v1.2.1
ClawScan security
Session Compact · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Apr 11, 2026, 2:55 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package largely matches its stated purpose (session compression) but contains internal inconsistencies and some risky implementation choices (CLI exec usage, mixed doc/test claims, plugin vs skill packaging) that warrant caution before installing.
- Guidance: This package appears to implement the session-compaction feature it advertises, but there are a few red flags to check before installing:
  - Packaging mismatch: the registry lists no install spec, yet the bundle contains a buildable code plugin (TypeScript, bin script, openclaw.plugin.json). Confirm whether you intend to run the code plugin (it requires building and copying into ~/.openclaw/extensions).
  - Exec/CLI LLM calls: the implementation notes use of execSync to call the OpenClaw CLI for LLM summaries. That is convenient but increases risk (shell invocation, reliance on host CLI config). Inspect the built dist/index.js (or source) for exec/child_process usage and ensure arguments are properly escaped or, ideally, prefer a direct API integration.
  - File writes & config edits: the plugin will persist JSON sessions under ~/.openclaw/sessions and expects changes to ~/.openclaw/openclaw.json. Back up your OpenClaw config and existing sessions before enabling.
  - Source provenance: the package lists no homepage and the repository URLs in docs point to GitHub placeholders. If you plan to install, verify the source repository, review the built JS to ensure no hidden network calls or obfuscated code, and prefer installing via the official ClawHub/marketplace rather than manual cloning when possible.
  - Inconsistent docs: different files claim different coverage/version numbers and at least one doc notes the plugin previously triggered platform security intercepts (execSync usage). Treat these as signs to audit the code rather than immediate red flags.

  If you are not comfortable auditing the code yourself, ask the maintainer for a signed release on the official registry (ClawHub) or request an upstream review that addresses the execSync usage and clarifies packaging/installation instructions.
Review Dimensions
- Purpose & Capability (note): Name/description align with the code and docs: the repo contains a compaction engine, session store, session manager, CLI registration, and an openclaw.plugin.json. However, there is a packaging mismatch: registry metadata lists this as an instruction-only skill (no install spec), yet the bundle contains a fully fledged code plugin (TypeScript source, bin script, plugin manifest, package.json). That is explainable (workspace skill + accompanying plugin code) but it is an inconsistency the user should be aware of.
- Instruction Scope (ok): SKILL.md and other docs instruct only relevant actions: install/build the plugin, add the plugin id to ~/.openclaw/openclaw.json, restart the gateway, and use openclaw CLI commands. The runtime behavior described (storing sessions under ~/.openclaw/sessions, reading plugin config, compressing messages, fallback to code extraction) is consistent with the code layout. There are no instructions that request unrelated system data or that post data to unknown external endpoints in the provided docs.
- Install Mechanism (note): No formal install spec was included in the registry entry (declared 'instruction-only'), but documentation and package files provide manual install steps (git clone, npm install, build, copy to ~/.openclaw/extensions). The sources are typical (npm/TypeScript project) and there are no opaque download URLs in the provided docs. Still, the mismatch between 'no install spec' and the presence of buildable code is a packaging/documentation inconsistency to check.
- Credentials (note): The skill declares no required env vars or credentials (consistent). The implementation calls the OpenClaw CLI/engine (docs and comments indicate callLLM() currently invokes OpenClaw via execSync), which relies on the host's OpenClaw configuration rather than new secrets. This is proportionate to the stated purpose, but the execSync / CLI-based LLM call means the plugin depends on the host OpenClaw runtime and any credentials it uses — verify that you trust that local configuration.
- Persistence & Privilege (ok): The plugin persists session data to ~/.openclaw/sessions and expects edits to ~/.openclaw/openclaw.json to enable the plugin/CLI. That level of access is expected for a session-management plugin. The skill does not request global 'always: true' privilege and does not appear to modify other skills' credentials or configs beyond adding itself to plugins.allow (normal for plugins).
