ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Leyline Progressive Loading

v1.0.0

Context-aware progressive module loading with hub-and-spoke pattern for token optimization. progressive loading, lazy loading, hub-spoke, module selection.

0· 42·1 current·1 all-time
by@athola
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (progressive, hub-and-spoke, token optimization) match the content: SKILL.md and the modules describe selection/load/unload patterns, MECW monitoring, and token budgeting. The required config path (night-market.leyline:mecw-patterns) aligns with a leyline-patterns configuration the skill references.
!
Instruction Scope
Although instruction-only, the SKILL.md explicitly describes behaviors that require access to environment and user files: detecting artifacts and files (e.g., .git, .py), scanning directory structure, checking installed tools, running python validation scripts (plugins/abstract/scripts/validate_budget.py), and calling MECWMonitor/estimate_tokens. Those operations can involve reading the user's workspace, running local scripts, and evaluating an env var (SLASH_COMMAND_TOOL_CHAR_BUDGET) — but the skill metadata does not declare or limit these accesses. The instructions are broad and grant an agent discretion to scan and act on the user's environment.
Install Mechanism
No install spec and no code files are present; this is instruction-only documentation. That reduces disk-write/execution risk from the skill package itself.
!
Credentials
The skill declares no required env vars but the performance budgeting doc references SLASH_COMMAND_TOOL_CHAR_BUDGET (an env var that overrides defaults). The skill requires a config path (night-market.leyline:mecw-patterns) which is reasonable for policy/config, but it's unclear what sensitive data that path contains. The documentation also expects ability to detect files and installed tools (implicit permissions). There is a mismatch between declared requirements and the variables/paths the instructions reference.
Persistence & Privilege
always:false and user-invocable:true (defaults). The skill does not request permanent inclusion or elevated platform privilege. Autonomous invocation is allowed but that is the platform default; no additional persistent privileges are requested by the skill itself.
What to consider before installing
This skill is primarily documentation for building progressive-loading behaviors and is internally coherent with that purpose, but review carefully before giving an agent permission to run it: - The SKILL.md encourages detecting files (.git, .py), scanning directory structure, and running local python scripts — these actions access your workspace and can expose code or metadata. Be explicit about whether you want an agent to scan your files. - The performance doc refers to an env var (SLASH_COMMAND_TOOL_CHAR_BUDGET) that is not declared as required; confirm whether the agent will read or rely on that env var. - The skill requires a config path (night-market.leyline:mecw-patterns); inspect that config to ensure it doesn't contain secrets or sensitive pointers. - Because this is instruction-only, no new binaries or network installs are introduced by the package itself, but the agent following these instructions could execute local scripts or load other skills. If you plan to enable autonomous invocation, restrict file and env access or run in a sandbox until you verify behavior. What would reduce my concern: explicit, narrow statements in the SKILL.md that specify what files/configs are read, a declaration of any env vars used, and an explicit note that no network exfiltration or broad filesystem scans will be performed. If the skill is only used as offline documentation (no agent execution), the practical risk is much lower.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
Confignight-market.leyline:mecw-patterns
latestvk97e87mqeaqsp0njy491vh12ah84sssv
42downloads
0stars
1versions
Updated 5d ago
v1.0.0
MIT-0
@athola
latest
Download

Night Market Skill — ported from claude-night-market/leyline. For the full experience with agents, hooks, and commands, install the Claude Code plugin.

Table of Contents

Progressive Loading Patterns

Overview

Progressive loading provides standardized patterns for building skills that load modules dynamically based on context, user intent, and available token budget. This prevents loading unnecessary content while ensuring required functionality is available when needed.

The core principle: Start minimal, expand intelligently, monitor continuously.

When To Use

Use progressive loading when building skills that:

  • Cover multiple distinct workflows or domains
  • Need to manage context window efficiently
  • Have modules that are mutually exclusive based on context
  • Require MECW compliance for long-running sessions
  • Want to optimize for common paths while supporting edge cases

When NOT To Use

  • Project doesn't use the leyline infrastructure patterns
  • Simple scripts without service architecture needs

Quick Start

Basic Hub Pattern

## Progressive Loading

**Context A**: Load `modules/loading-patterns.md` for scenario A
**Context B**: Load `modules/selection-strategies.md` for scenario B

**Always Available**: Core utilities, exit criteria, integration points

Verification: Run the command with --help flag to verify availability.

Context-Based Selection

from leyline import ModuleSelector, MECWMonitor

selector = ModuleSelector(skill_path="my-skill/")
modules = selector.select_modules(
    context={"intent": "git-catchup", "artifacts": ["git", "python"]},
    max_tokens=MECWMonitor().get_safe_budget()
)

Verification: Run the command with --help flag to verify availability.

Hub-and-Spoke Architecture

Hub Responsibilities

  1. Context Detection: Identify user intent, artifacts, workflow type
  2. Module Selection: Choose which modules to load based on context
  3. Budget Management: Verify MECW compliance before loading
  4. Integration Coordination: Provide integration points with other skills
  5. Exit Criteria: Define completion criteria across all paths

Spoke Characteristics

  1. Single Responsibility: Each module serves one workflow or domain
  2. Self-Contained: Modules don't depend on other modules
  3. Context-Tagged: Clear indicators of when module applies
  4. Token-Budgeted: Known token cost for selection decisions
  5. Independently Testable: Can be evaluated in isolation

Selection Strategies

See modules/selection-strategies.md for detailed strategies:

  • Intent-based: Load based on detected user goals
  • Artifact-based: Load based on detected files/systems
  • Budget-aware: Load within available token budget
  • Progressive: Load core first, expand as needed
  • Mutually-exclusive: Load one path from multiple options

Loading Patterns

See modules/loading-patterns.md for implementation patterns:

  • Conditional includes: Dynamic module references
  • Lazy loading: Load on first use
  • Tiered disclosure: Core → common → edge cases
  • Context switching: Change loaded modules mid-session
  • Preemptive unloading: Remove unused modules under pressure

Common Use Cases

  • Multi-Domain Skills: imbue:catchup loads git/docs/logs modules by context
  • Context-Heavy Analysis: Load relevant modules only, defer deep-dives, unload completed
  • Plugin Infrastructure: Mix-and-match infrastructure modules with version checks

Best Practices

  1. Design Hub First: Define all possible contexts and module boundaries
  2. Tag Modules Clearly: Use YAML frontmatter to indicate context triggers
  3. Measure Token Cost: Know the cost of each module for selection
  4. Monitor Loading: Track which modules are actually used
  5. Validate Paths: Verify all context paths have required modules
  6. Document Triggers: Make context detection logic transparent

Module References

  • Selection Strategies: See modules/selection-strategies.md for choosing modules
  • Loading Patterns: See modules/loading-patterns.md for implementation techniques
  • Performance Budgeting: See modules/performance-budgeting.md for token budget model and optimization workflow

Integration with Other Skills

This skill provides foundational patterns referenced by:

  • abstract:modular-skills - Uses progressive loading for skill design
  • conserve:context-optimization - Uses for MECW-compliant loading
  • imbue:catchup - Uses for context-based module selection
  • Plugin authors building multi-workflow skills

Reference in your skill's frontmatter:

dependencies: [leyline:progressive-loading, leyline:mecw-patterns]
progressive_loading: true

Verification: Run the command with --help flag to verify availability.

Exit Criteria

  • Hub clearly defines all module loading contexts
  • Each module is tagged with activation context
  • Module selection respects MECW constraints
  • Token costs measured for all modules
  • Context detection logic documented
  • Loading paths validated for completeness

Troubleshooting

Common Issues

Command not found Ensure all dependencies are installed and in PATH

Permission errors Check file permissions and run with appropriate privileges

Unexpected behavior Enable verbose logging with --verbose flag

Comments

Loading comments...