ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Conserve Mcp Code Execution

v1.0.0

Optimize multi-tool workflow chains via MCP server integration for processing large datasets, files, or complex pipelines

0· 75·1 current·1 all-time
by@athola
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim an MCP hub for orchestrating multi-tool/subagent workflows; the included markdown modules (coordination, patterns, subagents, validation) align with that purpose. However the SKILL instructs the agent to run Python module commands (e.g., `python -m module_name` / `tools/extracted_tool.py --input ...`) and to 'verify installation --help' despite there being no code files or install spec in this package. The SKILL also tells users to install the external "Claude Code" plugin for the full experience, indicating this skill is documentation for another runtime rather than a self-contained skill.
!
Instruction Scope
The instructions include runtime actions that could read/write external state: 'store_intermediate_result', 'store_external_result', 'verify_external_storage(result.external_location)', 'append_to_coordination_log(log_entry)', and 'capture_context_state()'. None of these external storage endpoints or mechanisms are specified in the skill or declared config; the text gives no limits on what gets stored. The docs also reference environment variables (e.g., ENABLE_TOOL_SEARCH, ENABLE_CLAUDEAI_MCP_SERVERS) and other platform behaviors that are not declared in the skill metadata. Because the agent would be free to choose storage endpoints and run pseudo-code actions, this creates a risk that running the skill could cause data to be written or transmitted outside expected boundaries.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only. That minimizes the risk of arbitrary third-party code being downloaded or installed by the skill itself. The downside is that instructions assume external components exist (Claude Code, tools/extracted_tool.py), which the skill does not supply.
!
Credentials
The skill declares required config paths (night-market.* keys) which are coherent with a Night Market/Claude Code integration. It requests no credentials or required env vars in metadata, yet the instructions reference environment toggles (ENABLE_TOOL_SEARCH, ENABLE_CLAUDEAI_MCP_SERVERS) and connectors at claude.ai/settings/connectors. Those env vars and connectors are not declared as required, and no storage endpoints / credentials for external storage are provided — this mismatch could lead an agent to consult unrelated environment variables or to surface sensitive context into unspecified external storage.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and has no install behavior. That keeps platform-level privileges low. Still, the instructions encourage storing intermediate and emergency state externally and appending logs with captured context snapshots; while not a platform persistence request, this behavior could create persistent records outside the platform if an agent follows the instructions. This is an operational risk rather than a platform-privilege flag.
What to consider before installing
This skill is mainly documentation for an MCP orchestration hub intended to run inside a Claude Code environment, not a self-contained executable. Before installing or using it: 1) Do not assume the `python -m ...` commands or tools referenced exist — there are no code files in this package. 2) Ask the publisher which external storage endpoints and credentials the skill expects (where are 'intermediate' and 'external' results stored?), and how sensitive context/state is protected. 3) Be cautious about running it in an environment with private data: the instructions explicitly call for capturing and storing context snapshots but do not specify destinations or access controls. 4) If you plan to use it, run it only in an isolated/test environment first, and require explicit, auditable configuration for any external storage or connector (do not let the agent pick arbitrary endpoints). 5) If you need to proceed, request a version that either includes the runtime code/tools or a clear mapping from the skill's config keys to concrete, trusted services and credentials so you can validate what will be accessed and stored.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
Confignight-market.context-optimization, night-market.token-conservation, night-market.mcp-subagents, night-market.mcp-patterns, night-market.mcp-validation
latestvk972dgwkr69e7awz9rya76p02n84m6mn
75downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@athola
latest
Download

Night Market Skill — ported from claude-night-market/conserve. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Table of Contents

MCP Code Execution Hub

Quick Start

Basic Usage

```bash

Run the main command

python -m module_name

Show help

python -m module_name --help ```

Verification: Run with --help flag to confirm installation.

When To Use

  • Automatic: Keywords: code execution, MCP, tool chain, data pipeline, MECW
  • Tool Chains: >3 tools chained sequentially
  • Data Processing: Large datasets (>10k rows) or files (>50KB)
  • Context Pressure: Current usage >25% of total window (proactive context management)

MCP Tool Search (Claude Code 2.1.7+): When MCP tool descriptions exceed 10% of context, tools are automatically deferred and discovered via MCPSearch instead of being loaded upfront. This reduces token overhead by ~85% but means tools must be discovered on-demand. Haiku models do not support tool search. Configure threshold with ENABLE_TOOL_SEARCH=auto:N where N is the percentage.

Subagent MCP Access Fix (Claude Code 2.1.30+): SDK-provided MCP tools are now properly synced to subagents. Prior to 2.1.30, subagents could not access SDK-provided MCP tools — workflows delegating MCP tool usage to subagents were silently broken. No workarounds needed on 2.1.30+.

Claude.ai MCP Connectors (Claude Code 2.1.46+): Users logged into Claude Code with a claude.ai account may have additional MCP tools auto-loaded from claude.ai/settings/connectors. These tools contribute to the tool search threshold count. If workflows unexpectedly trigger tool search or context inflation, check /mcp for claude.ai-sourced connectors. Known reliability issue: connectors can silently disappear (GitHub #21817).

MCP Prompt Cache Fix (Claude Code 2.1.70+): MCP servers with instructions connecting after the first turn no longer bust the prompt cache. Previously, a late-connecting MCP server would invalidate cached prompt prefixes, increasing token costs for the rest of the session. On 2.1.70+, prompt cache reuse is preserved regardless of when MCP servers connect.

ToolSearch Reliability Fix (Claude Code 2.1.70+): Empty model responses after ToolSearch are fixed. The server was rendering tool schemas with system-prompt-style tags that could confuse models into stopping early. ToolSearch-heavy workflows (many deferred MCP tools) are now more reliable.

When NOT To Use

  • Simple tool calls that don't chain
  • Context pressure is low and tools are fast

Core Hub Responsibilities

  • Orchestrates MCP code execution workflow
  • Routes to appropriate specialized modules
  • Coordinates MECW compliance across submodules
  • Manages token budget allocation for submodules

Required TodoWrite Items

  1. mcp-code-execution:assess-workflow
  2. mcp-code-execution:route-to-modules
  3. mcp-code-execution:coordinate-mecw
  4. mcp-code-execution:synthesize-results

Step 1 – Assess Workflow (mcp-code-execution:assess-workflow)

Workflow Classification

def classify_workflow_for_mecw(workflow):
    """Determine appropriate MCP modules and MECW strategy"""

    if has_tool_chains(workflow) and workflow.complexity == 'high':
        return {
            'modules': ['mcp-subagents', 'mcp-patterns'],
            'mecw_strategy': 'aggressive',
            'token_budget': 600
        }
    elif workflow.data_size > '10k_rows':
        return {
            'modules': ['mcp-patterns', 'mcp-validation'],
            'mecw_strategy': 'moderate',
            'token_budget': 400
        }
    else:
        return {
            'modules': ['mcp-patterns'],
            'mecw_strategy': 'conservative',
            'token_budget': 200
        }

Verification: Run the command with --help flag to verify availability.

MECW Risk Assessment

Delegate to mcp-validation module for detailed risk analysis:

def delegate_mecw_assessment(workflow):
    return mcp_validation_assess_mecw_risk(
        workflow,
        hub_allocated_tokens=self.token_budget * 0.5
    )

Verification: Run the command with --help flag to verify availability.

Step 2 – Route to Modules (mcp-code-execution:route-to-modules)

Module Orchestration

class MCPExecutionHub:
    def __init__(self):
        self.modules = {
            'mcp-subagents': MCPSubagentsModule(),
            'mcp-patterns': MCPatternsModule(),
            'mcp-validation': MCPValidationModule()
        }

    def execute_workflow(self, workflow, classification):
        results = []

        # Execute modules in optimal order
        for module_name in classification['modules']:
            module = self.modules[module_name]
            result = module.execute(
                workflow,
                mecw_budget=classification['token_budget'] //
                len(classification['modules'])
            )
            results.append(result)

        return self.synthesize_results(results)

Verification: Run the command with --help flag to verify availability.

Step 3 – Coordinate MECW (mcp-code-execution:coordinate-mecw)

Cross-Module MECW Management

  • Monitor total context usage across all modules
  • Enforce 50% context rule globally
  • Coordinate external state management
  • Implement MECW emergency protocols

Step 4 – Synthesize Results (mcp-code-execution:synthesize-results)

Result Integration

def synthesize_module_results(module_results):
    """Combine results from MCP modules into structured output"""

    return {
        'status': 'completed',
        'token_savings': calculate_savings(module_results),
        'mecw_compliance': verify_mecw_rules(module_results),
        'hallucination_risk': assess_hallucination_prevention(module_results),
        'results': consolidate_results(module_results)
    }

Verification: Run the command with --help flag to verify availability.

Module Integration

Available Modules

  • See modules/mcp-coordination.md for cross-module orchestration
  • See modules/mcp-patterns.md for common MCP execution patterns
  • See modules/mcp-subagents.md for subagent delegation strategies
  • See modules/mcp-validation.md for MECW compliance validation

With Context Optimization Hub

  • Receives high-level MECW strategy from context-optimization
  • Returns detailed execution metrics and compliance data
  • Coordinates token budget allocation

Performance Skills Integration

  • uses python-performance-optimization through mcp-patterns
  • Aligns with cpu-gpu-performance for resource-aware execution
  • validates optimizations maintain MECW compliance

Emergency Protocols

Hub-Level Emergency Response

When MECW limits exceeded:

  1. Delegates immediately to mcp-validation for risk assessment
  2. Route to mcp-subagents for further decomposition
  3. Apply compression through mcp-patterns
  4. Return minimal summary to preserve context

Success Metrics

  • Workflow Success Rate: >95% successful module coordination
  • MECW Compliance: 100% adherence to 50% context rule
  • Token Efficiency: Maintain >80% savings vs traditional methods
  • Module Coordination: <5% overhead for hub orchestration

Troubleshooting

Common Issues

Command not found Ensure all dependencies are installed and in PATH

Permission errors Check file permissions and run with appropriate privileges

Unexpected behavior Enable verbose logging with --verbose flag

Comments

Loading comments...