Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Context Guardian Pro
v1.0.0Automates context monitoring by summarizing history, saving to long-term memory, and sending QQ alerts when session message or token limits approach threshold.
⭐ 0· 0·0 current·0 all-time
byliu hongbin@artwebs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to monitor session pressure, summarize history, persist memory, and send QQ alerts — that purpose matches the included code at a high level. However, the code calls the 'openclaw' CLI and imports a 'taskflow' module even though the skill metadata lists no required binaries or dependencies. The package.json also lists no dependencies. The discrepancy between declared requirements (none) and actual runtime needs (openclaw CLI, taskflow Python package) is a coherence concern.
Instruction Scope
SKILL.md says the skill integrates with a separate 'summarize' skill and posts via a 'qqbot-channel' interface. The Python code, however, only simulates summarization (writes a local file) and implements send_qq_alert as a local print statement — there is no real QQ network call or use of a 'summarize' skill. The code does run subprocesses (openclaw session_status) and writes to ~/.openclaw/workspace/memory/*; these actions are within the stated purpose but the stated integrations and behaviors are not implemented, which is misleading.
Install Mechanism
There is no install spec (instruction-only), which is low risk in itself, but the bundled code expects external runtime elements (openclaw CLI, a taskflow library). Because no install or dependency instructions are provided, users may have missing dependencies or unknown runtime behavior. No external download URLs or archives are present.
Credentials
The manifest requests no environment variables or credentials, yet the SKILL.md and code discuss sending QQ alerts (which would normally require auth tokens) and integrating with other services. The absence of declared QQ credentials or other access tokens is inconsistent with the described alerting capability and should be clarified before trusting the skill with real alerts.
Persistence & Privilege
The skill does write summaries into the user's home under ~/.openclaw/workspace/memory/YYYY-MM-DD.md — this matches the stated 'memory persistence' purpose and is scoped to the user's OpenClaw workspace. The skill is not marked always:true and does not request broad system privileges. Autonomous invocation is allowed (default), which is normal; combine that with the other inconsistencies when deciding trust.
What to consider before installing
This skill is suspiciously inconsistent rather than obviously malicious. Before installing or enabling it: 1) Ask the author (or check upstream) which binaries and Python packages are required (openclaw CLI, taskflow) and provide an install/dependency spec. 2) Confirm how QQ alerts are authenticated — the skill mentions a qqbot-channel but no credentials or token env vars are declared. 3) Review and test the bundled scripts in a sandbox: guardian.py runs subprocesses and writes to ~/.openclaw/workspace/memory; taskflow_executor uses a hardcoded tilde path that likely won't expand and may be buggy. 4) If you plan to allow autonomous runs, ensure you trust the code (it will read session_status output and append files in your home). If the author cannot justify the missing dependency declarations and credentials, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk97dn6641wzfrdvsscztq64c0x84q4k3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.