ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Context Memoize Cache

v0.1.0

Caches user-specified context fragments in a file to avoid redundant processing and enable reuse across sessions.

0· 51·0 current·0 all-time
by@shaoxiang616·duplicate of @shaoxiang616/context-memoize
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description say it caches context fragments; the SKILL.md only reads/writes a per-user path (~/.openclaw/context-cache/fragments.md) and provides list/clear operations — this is coherent and proportional to the stated purpose.
Instruction Scope
Instructions are narrowly scoped to appending, listing, and deleting a cache file. They rely on a runtime variable ($CONTENT) but do not specify sanitization, delimiters, or size limits. The instructions also recommend cat'ing the cached file at agent session startup which will automatically inject all persisted fragments into future sessions — this can accidentally re-expose secrets or stale context.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written by an installer, which minimizes supply-chain risk.
Credentials
No environment variables, credentials, or config paths outside a single user-local directory are requested. The requested resources are proportional to a simple cache skill.
Persistence & Privilege
The skill persists user-provided content under the home directory and recommends pre-loading it at session startup. That persistent presence is expected for a cache, but it increases risk of unintended data retention or cross-session leakage of sensitive context. The skill does not request elevated privileges or force installation (always: false).
Assessment
This skill is coherent with its stated purpose, but it writes whatever the agent considers "context" to ~/.openclaw/context-cache/fragments.md and recommends automatically cat'ing that file into new sessions. Before installing or enabling: (1) Do not memoize secrets, passwords, API keys, or other sensitive material — anything written is persistent on disk. (2) Consider restricting permissions on ~/.openclaw/context-cache/ (chmod 700) and routinely auditing or clearing the cache. (3) If you want stronger guarantees, modify the workflow to add delimiters, size limits, redaction, or encrypt cached fragments. (4) Be cautious about enabling the startup preload (AGENTS.md) because it will re-inject cached fragments into future sessions; avoid preloading unless you control the cache contents. There is no network or installer activity in this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ejrp72hew905q5722t2sw3s84aym5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments