ClawHub

Prompt Safe

Token-safe prompt assembly with memory orchestration. Use for any agent that needs to construct LLM prompts with memory retrieval. Guarantees no API failure due to token overflow. Implements two-phase context construction, memory safety valve, and hard limits on memory injection.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
4 · 2k · 8 current installs · 9 all-time installs
by@alexunitario-sketch
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md and the included Python implementation all describe the same functionality (two-phase prompt assembly, memory retrieval, token safety). The skill does not request unrelated binaries, environment variables, or config paths — the declared requirements are proportionate to the stated purpose.
Instruction Scope
Instructions are narrowly focused on assembling prompts and memory handling. They do instruct you to copy the provided script into your agent and call its build() API, which is expected. Two points to review: (1) a pre-scan flag indicates 'system-prompt-override' patterns in SKILL.md — while the doc mostly says 'Never downgrade system prompt', the scanner flagged content that could be used for prompt injection strategies and should be manually inspected, and (2) the memory policy explicitly recommends storing user identity, timezone, and similar PII; that is legitimate for memory systems but raises privacy considerations and should be constrained to your data-retention rules.
Install Mechanism
There is no install spec and no downloads; the skill is instruction-only plus a Python file. That is low-risk from an install perspective because nothing external is pulled in at install time. The code would be copied into the agent's codebase when used, so standard code-audit precautions apply.
Credentials
The skill requests no environment variables or credentials. Its memory guidelines permit storing personal data (name, timezone, preferences), which is functionally reasonable for a memory system but requires you to ensure appropriate access controls and retention policies; nothing in the skill asks for unrelated secrets or cloud credentials.
Persistence & Privilege
always is false and the skill does not demand persistent platform privileges. It suggests copying code into your agent (normal). It does not attempt to modify other skills or system-wide settings in the provided materials.
Scan Findings in Context
[system-prompt-override] unexpected: The regex scanner detected patterns associated with system-prompt manipulation in SKILL.md. The doc also contains statements like 'Never downgrade system prompt' and inserts '[System Notice]' when memory is skipped. This could be a false positive (policy text referencing the system prompt), but because prompt-injection techniques often reference system prompts, this should be manually reviewed to ensure there are no directives that would allow the skill to alter or override platform/system prompts at runtime.
What to consider before installing
What to check before installing or using this skill: 1) Audit the code before copying it into any agent. The provided script appears truncated in the packaged file (ends with 'return ful…'), which will cause runtime errors and could be a sign of accidental corruption or tampering. Ensure the build() method returns the assembled prompt (e.g., the full_text or assembled string) and run unit tests with representative inputs. 2) Manually inspect SKILL.md for any phrases that try to change system-level prompts or inject instructions beyond assembling prompts. The scanner flagged a 'system-prompt-override' pattern — this may be a false positive, but verify that no text attempts to override or stealthily alter the agent’s system prompt or control flow. 3) Review memory storage policy for privacy implications. The skill explicitly recommends storing PII-like items (name, timezone, preferences). If you will persist memory, ensure your memory backend enforces encryption, access control, and retention/erasure policies appropriate for PII. 4) Resolve inconsistencies in token-safety settings. The SKILL.md and references disagree on recommended safety margins (0.75 vs 0.85), and the token-estimation heuristics are approximate. Decide on a single safety margin for your deployment and, if your application runs near model limits, prefer an exact BPE estimator (tiktoken or equivalent). 5) Test in a sandbox with mocked get_recent_dialog_fn and memory_search_fn to confirm behavior: ensure no unexpected network calls, no logging of sensitive content to external endpoints, and that the safety valve behaves as documented (skips memory but preserves system prompt and user input). 6) If you lack the ability to audit Python code yourself, don't deploy this into agents that handle sensitive data until a trusted reviewer has validated the implementation and fixed the truncated/broken return. After fixes, re-run static analysis and unit tests. If you want, I can: (a) point out the exact lines in the Python file that look broken and propose a patch to fix the truncated return, (b) search the SKILL.md text for phrases that could be misused to attempt system-prompt changes, or (c) produce a minimal test harness to validate behavior safely.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.4
Download zip
latestvk975xfn83k5a1tjgj9wy2tr1zn80g6ebmemoryvk975xfn83k5a1tjgj9wy2tr1zn80g6ebprompt-engineeringvk975xfn83k5a1tjgj9wy2tr1zn80g6ebtoken-safetyvk975xfn83k5a1tjgj9wy2tr1zn80g6eb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Prompt Assemble

Overview

A standardized, token-safe prompt assembly framework that guarantees API stability. Implements Two-Phase Context Construction and Memory Safety Valve to prevent token overflow while maximizing relevant context.

Design Goals:

  • ✅ Never fail due to memory-related token overflow
  • ✅ Memory is always discardable enhancement, never rigid dependency
  • ✅ Token budget decisions centralized at prompt assemble layer

When to Use

Use this skill when:

  1. Building or modifying any agent that constructs prompts
  2. Implementing memory retrieval systems
  3. Adding new prompt-related logic to existing agents
  4. Any scenario where token budget safety is required

Core Workflow

User Input
    ↓
Need-Memory Decision
    ↓
Minimal Context Build
    ↓
Memory Retrieval (Optional)
    ↓
Memory Summarization
    ↓
Token Estimation
    ↓
Safety Valve Decision
    ↓
Final Prompt → LLM Call

Phase Details

Phase 0: Base Configuration

# Model Context Windows (2026-02-04)
# - MiniMax-M2.1: 204,000 tokens (default)
# - Claude 3.5 Sonnet: 200,000 tokens
# - GPT-4o: 128,000 tokens

MAX_TOKENS = 204000  # Set to your model's context limit
SAFETY_MARGIN = 0.75 * MAX_TOKENS  # Conservative: 75% threshold = 153,000 tokens
MEMORY_TOP_K = 3                     # Max 3 memories
MEMORY_SUMMARY_MAX = 3 lines        # Max 3 lines per memory

Design Philosophy:

  • Leave 25% buffer for safety (model overhead, estimation errors, spikes)
  • Better to underutilize capacity than to overflow

Phase 1: Minimal Context

  • System prompt
  • Recent N messages (N=3, trimmed)
  • Current user input
  • No memory by default

Phase 2: Memory Need Decision

def need_memory(user_input):
    triggers = [
        "previously",
        "earlier we discussed",
        "do you remember",
        "as I mentioned before",
        "continuing from",
        "before we",
        "last time",
        "previously mentioned"
    ]
    for trigger in triggers:
        if trigger.lower() in user_input.lower():
            return True
    return False

Phase 3: Memory Retrieval (Optional)

memories = memory_search(query=user_input, top_k=MEMORY_TOP_K)
for mem in memories:
    summarized_memories.append(summarize(mem, max_lines=MEMORY_SUMMARY_MAX))

Phase 4: Token Estimation

Calculate estimated tokens for base_context + summarized_memories.

Phase 5: Safety Valve (Critical)

if estimated_tokens > SAFETY_MARGIN:
    base_context.append("[System Notice] Relevant memory skipped due to token budget.")
    return assemble(base_context)

Hard Rules:

  • ❌ Never downgrade system prompt
  • ❌ Never truncate user input
  • ❌ No "lucky splicing"
  • ✅ Only memory layer is expendable

Phase 6: Final Assembly

final_prompt = assemble(base_context + summarized_memories)
return final_prompt

Memory Data Standards

Allowed in Long-Term Memory

  • ✅ User preferences / identity / long-term goals
  • ✅ Confirmed important conclusions
  • ✅ System-level settings and rules

Forbidden in Long-Term Memory

  • ❌ Raw conversation logs
  • ❌ Reasoning traces
  • ❌ Temporary discussions
  • ❌ Information recoverable from chat history

Quick Start

Copy scripts/prompt_assemble.py to your agent and use:

from prompt_assemble import build_prompt

# In your agent's prompt construction:
final_prompt = build_prompt(user_input, memory_search_fn, get_recent_dialog_fn)

Resources

scripts/

  • prompt_assemble.py - Complete implementation with all phases (PromptAssembler class)

references/

  • memory_standards.md - Detailed memory content guidelines
  • token_estimation.md - Token counting strategies

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…