Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Caveman Input Compression
v0.1.0Compress workspace bootstrap files into caveman-speak to reduce input tokens on every session load. Creates .original.md backups before overwriting.
⭐ 0· 15·0 current·0 all-time
byaustrian_guy@ether-btc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the code: it compresses markdown files under ~/.openclaw/workspace, creates a backup, and uses a model fallback chain (claude CLI → OpenAI-compatible endpoints → DeepSeek). The requested credentials (optional API keys) are proportional to this purpose.
Instruction Scope
SKILL.md claims 'No user content as shell arguments' and 'Creates .original.md backups', but the implementation: (1) sends user content to subprocess.run for the claude CLI and for curl's -d argument (content appears as command arguments), and (2) creates backups with a different suffix (code uses .md.original, SKILL.md says .original.md). The claude path does not truncate content, so very long files could exceed command-line argument limits. The code does limit content for OpenAI-compatible fallback to 10k chars, but not for claude.
Install Mechanism
No install spec (instruction-only install) and the package is just Python files included in the skill. Nothing is being downloaded or extracted from third-party URLs during install.
Credentials
No required env vars declared in registry, but the code optionally uses MINIMAX_BASE_URL, MINIMAX_API_KEY, OPENAI_API_KEY, DEEPSEEK_API_KEY, COMPRESSION_MODEL and feature flags like CAVEMAN_COMPRESS_MEMORY. These are reasonable for remote model access. However, API keys are passed as literal command arguments/headers to curl and appear on the subprocess command line (and therefore might be visible to other local processes), which is a sensitive handling detail the SKILL.md does not call out.
Persistence & Privilege
Skill is not always-enabled, does not request elevated system persistence, and does not modify other skills or system-wide settings. It operates as a one-shot on explicit paths.
What to consider before installing
This skill is likely what it claims (a workspace markdown compressor) but has small inconsistencies and a few security-relevant behaviors you should be aware of: (1) the backup filename in code is '.md.original' whereas SKILL.md says '.original.md' — confirm where backups will land before running; (2) the implementation passes your file content and API keys to subprocess commands (claude CLI and curl) as command arguments, which can expose them to other local processes via the process list — prefer a dry-run or run in a sandbox first; (3) the claude path does not truncate input, so very large files could break the call; (4) SKILL.md's safety claims (no user content as shell arguments) are misleading. Before installing: review and test the code in a safe environment, run the --dry-run option, ensure you trust any remote base_url/DEEPSEEK endpoints you configure, and back up workspace files manually so you can recover if behavior differs from the documentation.Like a lobster shell, security has layers — review code before you run it.
latestvk9764scvbhm1x66hgsbpe1zm7x84qbhw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.