ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Context Memoize

v0.1.0

Caches and manages frequently used context fragments to avoid redundant processing by saving, listing, and clearing cached data.

0· 55·1 current·1 all-time
by@shaoxiang616
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (cache and manage context fragments) align with the instructions, which implement a file-based cache under ~/.openclaw/context-cache. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions are narrowly scoped to saving, listing, and clearing a cache file. They do reference the $CONTENT variable (used to append data) and suggest pre-loading the cache on session startup. The skill does not attempt to read unrelated system files or credentials, but the use of $CONTENT is implicit and not declared.
Install Mechanism
Instruction-only skill with no install steps and no code artifacts — minimal installation risk because nothing is written to disk by an installer.
!
Credentials
The SKILL.md uses $CONTENT but the skill declares no required environment variables. This mismatch means the runtime expects an external value to be provided but doesn't document it. Also, the skill will persist whatever is given into a user file (including secrets) without sanitization or access controls.
Persistence & Privilege
The skill writes persistent data to the user's home (~/.openclaw/context-cache) and suggests auto-loading it on session startup. That is reasonable for a cache, but persistent storage can unintentionally retain sensitive data and will remain until explicitly removed (rm -rf is destructive if misapplied).
Assessment
This skill is coherent and simple, but review these before installing: (1) The runtime uses $CONTENT (not declared); ensure the agent will supply only intended fragments. (2) Anything appended is stored plaintext at ~/.openclaw/context-cache/fragments.md — do not cache secrets or sensitive data. (3) Consider changing the append/clear commands to safer variants (explicit file creation, use a directory listing pattern instead of aggressive rm -rf, and set file permissions). (4) If you plan to preload cached fragments on startup, audit those fragments first to avoid unintentionally exposing private information to agents. If you want stronger safety, require explicit user confirmation before memoizing and add sanitization/limits on fragment size and content.

Like a lobster shell, security has layers — review code before you run it.

cachevk972x3kzsp2kb10988j99wbet584bxpmcontextvk972x3kzsp2kb10988j99wbet584bxpmlatestvk972x3kzsp2kb10988j99wbet584bxpm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments