Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Compaction Survival System
v1.0.0Prevent context loss during LLM compaction via Write-Ahead Logging (WAL), Working Buffer, and automatic recovery. Three mechanisms that ensure critical state...
⭐ 0· 744·6 current·6 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (prevent context loss via WAL, working buffer, recovery) maps directly to the runtime instructions (scan incoming messages, write SESSION-STATE.md, maintain memory/working-buffer.md, recover from those files). There are no unrelated environment variables, binaries, or install steps requested; everything requested is proportional to the stated goal.
Instruction Scope
The SKILL.md explicitly instructs the agent to write and read files (SESSION-STATE.md, memory/working-buffer.md, memory/YYYY-MM-DD.md) and to stop responding until WAL updates are written. This is within scope for preserving context, but it also directs the agent to persist exact values, paths, IDs, URLs and other specifics to disk — which can include sensitive data. The instructions reference runtime utilities/values that are not defined in the document (e.g., session_status for context utilization and memory_search), creating implementation ambiguity. The skill also instructs the agent to 'NEVER ask' the user and to recover silently, which could cause the agent to assert recovered context confidently even if recovery is incomplete.
Install Mechanism
There is no install spec and no code files; this is instruction-only. That minimizes supply-chain risk (no downloads, no package installs).
Credentials
The skill requests no environment variables, credentials, or external APIs. That aligns with the described purely behavioral/local approach. Note that absence of credentials does not eliminate privacy risk because the skill persists user-provided specifics to disk.
Persistence & Privilege
The skill instructs persistent file writes into a memory/ directory and SESSION-STATE.md that survive compaction and across sessions. always:false (not always-included) and no system-wide config changes are requested, which is appropriate, but persistence of raw specifics (numbers, paths, IDs, URLs, etc.) is a material privacy/security consideration: files may be readable by other processes, survive backups, or be exfiltrated if the runtime is compromised. The SKILL.md does not specify storage location, access controls, encryption, or retention policies.
Assessment
This skill appears coherent for preventing context loss, but it writes exact details (numbers, paths, IDs, URLs, decisions) to local files which may contain sensitive information. Before installing or enabling it, confirm the following:
- Where will SESSION-STATE.md and memory/ be stored? Ensure the directory is in a controlled, access-restricted location (not world-readable).
- Are these files encrypted at rest or covered by your retention/backup policies? If not, consider adding redaction or encryption.
- Who/what processes can read these files? Make sure other services or users cannot access them.
- Does your OpenClaw runtime provide the referenced utilities (session_status, memory_search)? Define these APIs and their permissions so behavior is deterministic.
- Consider redacting secrets (passwords, API keys) before WAL writes, or add explicit rules to avoid logging credentials.
- Test the behavior in an isolated environment to confirm it recovers as expected and doesn't expose sensitive data or make incorrect assertions.
If you cannot control storage location, access rules, or confirm the runtime utilities, treat this skill cautiously despite its coherence.Like a lobster shell, security has layers — review code before you run it.
compactionvk97edzqzcx6bb67z9rjh48v5nd81xw4gcontextvk97edzqzcx6bb67z9rjh48v5nd81xw4glatestvk97edzqzcx6bb67z9rjh48v5nd81xw4gmemoryvk97edzqzcx6bb67z9rjh48v5nd81xw4gpersistencevk97edzqzcx6bb67z9rjh48v5nd81xw4g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛡️ Clawdis