ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paid Bundle V1.1

v1.1.1

Production-validated OpenClaw skills built for production Claude Code deployments. Compaction, loop termination, session memory, bash security, agent memory...

0· 74·1 current·1 all-time
by~K¹yle Million@thebrierfox

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for thebrierfox/paid-bundle-v1-1.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Paid Bundle V1.1" (thebrierfox/paid-bundle-v1-1) from ClawHub.
Skill page: https://clawhub.ai/thebrierfox/paid-bundle-v1-1
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install paid-bundle-v1-1

ClawHub CLI

Package manager switcher

npx clawhub@latest install paid-bundle-v1-1
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes production-focused architectures (compaction, loop termination, memory scoping, bash validators, coordinator/fork patterns) and the requested actions (copy SKILL.md files to ~/.openclaw/workspace/skills and set a memory dir) align with that purpose. However the bundle claims 7 phase files but this package contains only a single descriptor; that omission is inconsistent with the stated package contents and source (homepage/source unknown) is not provided.
!
Instruction Scope
Runtime instructions tell the user to copy seven SKILL.md files into the agent skills directory and to set CLAUDE_CODE_REMOTE_MEMORY_DIR for persistent memory; the descriptor also references 'file scanning' and forked agent behavior. Those capabilities (persisting/scanning files, spawning/forking agents, sharing caches) expand what an agent may access and do autonomously — so you must inspect the actual per-phase SKILL.md files before installation. The metadata claims no required env vars but the doc explicitly instructs setting CLAUDE_CODE_REMOTE_MEMORY_DIR, an inconsistency.
Install Mechanism
There is no automated install spec (instruction-only), so nothing will be written automatically by an installer. That lowers technical install risk, but the instructions assume you will obtain and copy seven SKILL.md files from the package — those files are not present here and no authoritative download location or release host is provided. Manual file copying from an unknown source is a potential supply-chain risk.
!
Credentials
The bundle requests a single non-secret env var (CLAUDE_CODE_REMOTE_MEMORY_DIR) for persistence; that by itself is reasonable. But registry metadata lists no required env vars while the SKILL.md mandates this variable — an inconsistency. Also enabling remote/persistent memory and file-scanning behaviors increases how much local data an agent may access; while not a credential request, this is a higher-privilege capability and should be justified and audited.
!
Persistence & Privilege
The skill instructs installing persistent SKILL.md files into the agent skills directory and sets up remote-memory persistence (survives WSL2 resets), plus multi-agent coordinator and forked-agent patterns. Those persistent capabilities and agent-spawning behaviors broaden the blast radius for an autonomously-invoking agent. 'always' is false, but combined with the other capabilities this heightens risk if you enable these features without code/content review.
What to consider before installing
Do not install blindly. Before copying anything: 1) obtain the seven phase SKILL.md files from a trustworthy source (official ClawHub or the known vendor) — do not paste files from random locations; 2) manually inspect each phase SKILL.md to see exactly what file paths, scans, or commands the agent will run (look for any references to reading system files, credentials, network exfiltration, or exec of arbitrary binaries); 3) confirm why CLAUDE_CODE_REMOTE_MEMORY_DIR is needed and pick a restricted path (not a system or root-owned dir); 4) run the bundle first in an isolated VM or disposable account to observe behavior; 5) prefer vendors that publish source/release URLs and checksums; 6) if you allow autonomous invocation, limit model/skill permissions and monitor logs for unexpected spawning or file access. If you cannot verify the origin of the missing phase files or cannot review their contents, treat the bundle as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk972b3bdb83wd9abs1qn0ws32d845r0q
74downloads
0stars
1versions
Updated 3w ago
v1.1.1
MIT-0
~K¹yle Million@thebrierfox
latest
Download

Production Agent Ops — Battle-Tested Architecture Pack

Free primers included in this bundle:

These are free on ClawHub. Read them before installing this bundle.

What's In This Bundle

7 production architecture files built for production Claude Code deployments. Each one is a complete SKILL.md with behavioral specification, exact constants, and setup guide.

Phase 1 — COMPACTION_ARCHITECTURE.md

Token thresholds, 6-condition autocompact gate, 3-strike circuit breaker, post-compaction cleanup, microcompaction, recursion guards, summary structure. Eliminates context death spirals.

Phase 2 — LOOP_TERMINATION_ARCHITECTURE.md

BudgetTracker state object, 5-condition termination logic, diminishing returns detection, stop hook execution sequence, recursion safety for nested agents. Prevents runaway token burn in autonomous loops.

Phase 3 — SESSION_MEMORY_ARCHITECTURE.md

Dual memory systems (session + long-term), extraction agent protocol, UUID cursor integrity, forked agent cache-sharing pattern, drain protocol on shutdown. Your agent remembers what matters across sessions.

Phase 4 — BASH_SECURITY_ARCHITECTURE.md

23 validators across 7 categories: text, structural, encoding, Bash-specific, Zsh-specific, persistence vectors, escalation vectors. Closes the attack surface ClawHavoc exploited.

Phase 5 — AGENT_MEMORY_SCOPING_ARCHITECTURE.md

Three memory scopes, CLAUDE_CODE_REMOTE_MEMORY_DIR env var, snapshot system, file scanning, cost attribution, tiered model routing for memory operations. Persistent memory that survives WSL2 resets and session restarts.

Phase 6 — AEGIS_COORDINATOR_RESUME_INTEGRITY.md

Mode mismatch correction on session resume, coordinator operational rules, worker spawning, continue-vs-spawn decision logic, verification standards, failure handling. Multi-agent coordination without losing state on resume.

Phase 7 — AEGIS_FORKED_AGENT_SKILL_ARCHITECTURE.md

Forked agent pattern, cache-safe params (critical five fields), fork isolation, skill architecture, resolution order, change detection (300ms debounce), skillify workflow. 50-70% token cost reduction on extraction tasks via cache-sharing forks.

Setup

Quick Install

# Create skills directory
mkdir -p ~/.openclaw/workspace/skills/production-agent-ops

# Copy all 7 SKILL.md files (downloaded from this package)
cp *.md ~/.openclaw/workspace/skills/production-agent-ops/

# Reload OpenClaw
openclaw gateway restart

Recommended Install Order

Install phases in sequence. Each phase builds on the previous:

  1. Phase 4 first (bash security) — harden exec before expanding agent capabilities
  2. Phase 1 (compaction) — configure context management
  3. Phase 2 (loop termination) — add budget governance to agent loops
  4. Phase 3 (session memory) — enable cross-session memory
  5. Phase 5 (memory scoping) — set CLAUDE_CODE_REMOTE_MEMORY_DIR for persistence
  6. Phase 6 (coordinator) — enable multi-agent coordination
  7. Phase 7 (forked agent) — add cache-sharing for cost reduction

Critical Environment Variable

Phase 5 requires this env var to persist memory across WSL2 resets:

export CLAUDE_CODE_REMOTE_MEMORY_DIR=/home/aegis/.openclaw/workspace/.memory

Add to ~/.bashrc and set in openclaw.json env vars. Without this, memory is WSL2-local and can be lost on reset.

What These Constants Are

These are not theoretical values or documentation approximations. They were extracted from production Claude Code deployments and cross-referenced against production telemetry:

  • Token thresholds: p99.99 summary output distribution
  • Circuit breaker: failure distribution data from production compaction runs
  • Bash validators: actual attack vectors from the ClawHavoc incident (341 skills)
  • Memory scoping: CLAUDE_CODE_REMOTE_MEMORY_DIR behavior in Claude Code deployments

If Anthropic changes these values in Claude Code, this package will be updated. Current extraction date: 2026-03-31.

Pricing Rationale

Individual skills: $19 each × 2 = $38 minimum for compaction + bash security alone. This bundle: $69 for all 7 phases.

The two phases not sold individually (loop termination, session memory, memory scoping, coordinator mode, forked agent) are available only in this bundle.

Compatibility

  • OpenClaw 2026.3.x and above
  • All major models: claude-haiku-4-5, claude-sonnet-4-6, claude-opus-4-6
  • WSL2 Ubuntu (primary test environment)
  • Native Linux (compatible)
  • macOS (compatible, minor path differences noted in Phase 5)

Comments

Loading comments...