Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Compact

v1.0.0

Smart context compaction for OpenClaw agents. 4-phase progressive strategy: Scan, Extract, Check, Compact. Before running /compact, this skill scans tool out...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wavmson/pre-compact.

Install the skill "Smart Compact" (wavmson/pre-compact) from ClawHub.
Skill page: https://clawhub.ai/wavmson/pre-compact
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pre-compact

ClawHub CLI

npx clawhub@latest install pre-compact

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the SKILL.md: the skill scans tool outputs, extracts important facts, generates a pre-compact checklist, and optionally triggers /compact. The required capabilities (reading conversation and tool outputs, writing daily memory files) align with the stated purpose. Minor mismatch: registry metadata lists 'source: unknown' while README contains explicit GitHub install URLs (wavmson/openclaw-skill-smart-compact).
! Instruction Scope
Instructions tell the agent to review all tool call results (exec, read, web_fetch, web_search) and extract items including IPs, endpoints, file paths and authentication tokens. The SKILL.md and README claim sensitive items will be redacted, but elsewhere (information classification table) they list '认证令牌 / authentication tokens' under 'Must save' — a direct contradiction that could lead to persisting secrets. The skill also instructs appending to memory/YYYY-MM-DD.md (persistent storage) which widens the scope of data retained.
Install Mechanism
There is no install spec in the registry (instruction-only skill), which is lowest-risk from an automatic install perspective. README suggests optional manual install via ClawHub or cloning/curling from GitHub/raw.githubusercontent.com. That is typical but does advise downloading files from an external repo; the registry's 'source unknown' vs README's GitHub link is an inconsistency you may want to verify before running those commands.
! Credentials
The skill declares no required environment variables or credentials (good), but its runtime behavior explicitly seeks out authentication tokens and other sensitive items in tool outputs. Because it both (a) states it will redact sensitive info and (b) elsewhere classifies authentication tokens as 'must save', it's unclear whether secrets will be redacted or persisted. Persisting credentials into daily memory files (and then possibly consolidated later by Memory‑Dream) is disproportionate without explicit safeguards and clear redaction rules.
! Persistence & Privilege
The skill writes extracted data to memory/YYYY-MM-DD.md (append-only), which creates persistent artifacts. Append-only and user-confirmation-before-compact are good principles, but persistent storage of potentially sensitive items (due to the contradiction noted above) increases long-term exposure. The skill does not request always:true or other elevated platform privileges, and it does not claim to modify other skills, which limits system privilege concerns — but persistence of secrets is still a practical risk.
What to consider before installing
What to consider before installing or using this skill:

  • Clarify the redaction policy with the author: SKILL.md/README both say 'sensitive info will be redacted' and also list authentication tokens under 'must save' — ask which is true and request explicit examples of how tokens are redacted.
  • Inspect the source before installing: README points to a GitHub repo; verify that the repo and files match the published SKILL.md and that there is no hidden code that exfiltrates data.
  • Use 'compact check' / read-only mode first: exercise the scan and checklist phases without performing writes, to observe what the skill identifies as important.
  • Audit memory files: if you enable it, monitor memory/YYYY-MM-DD.md for accidental secrets and set tight filesystem permissions on the memory folder (restrict to the agent user only).
  • Disable automatic downstream consolidation: if you also use Memory‑Dream or other consolidation skills, ensure they are configured not to pull in these daily logs until you’re confident no secrets are stored.
  • Prefer testing in an isolated environment: run the skill with non-production data and simulated tool outputs to confirm behavior.
  • If you must allow it in production, require an explicit policy that the skill never persists raw credentials and add detection (alerting) for credential-like patterns in memory files.

Given the contradictory guidance about tokens, avoid enabling persistent writes until the author provides a clear, auditable redaction approach or you instrument and verify the memory outputs yourself.
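
One way to carry out the "audit memory files" and "add detection" points above, as an added example that is not part of the skill or of the ClawHub report. The regexes, function names and sample text are constructed assumptions; the only thing taken from the page is the memory/YYYY-MM-DD.md naming.

```python
import re
import stat
from pathlib import Path

# Constructed, illustrative patterns for common credential shapes (assumptions).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}"),
    "jwt": re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|token|secret|password)\b\s*[:=]\s*['\"]?([^\s'\"]{12,})"),
}
DAILY_FILE = re.compile(r"^\d{4}-\d{2}-\d{2}\.md$")  # memory/YYYY-MM-DD.md

# Constructed sample of what a daily memory file might contain.
SAMPLE = """- [+] New fact: staging endpoint is https://api.example.test/v2
- [+] Config: api_key = CONSTRUCTED_VALUE_0123456789
- [+] Decision: chose plan A over plan B
"""

def scan_text(text):
    """Return (line_no, rule, masked_value) for each credential-like hit."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                value = m.group(m.lastindex or 0)
                hits.append((line_no, rule, value[:4] + "*" * 8))  # never echo the secret
    return hits

def audit_memory_dir(memory_dir):
    """Scan daily memory files and flag any that group/other users can access."""
    report = {}
    for path in sorted(Path(memory_dir).iterdir()):
        if not DAILY_FILE.match(path.name):
            continue
        findings = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((0, "loose_permissions", oct(mode)))
        if findings:
            report[path.name] = findings
    return report

if __name__ == "__main__":
    print(scan_text(SAMPLE))
```

Run it on a schedule or from a file-change hook, and hold back downstream consolidation of any file that appears in the report.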

Like a lobster shell, security has layers — review code before you run it.

latest vk977rq5gnfax887gyjsjgd4xtn841pc9
90 downloads
0 stars
1 versions
Updated 3w ago
v1.0.0
MIT-0

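Smart Compact — Enhanced Smart Compaction

A four-phase progressive compaction strategy that rescues important information before /compact runs.

When to use

  • The user says "智能压缩" (smart compaction), "smart-compact", or "压缩检查" (compaction check)
  • Run it once before executing /compact manually
  • Trigger it proactively when the conversation context is nearly full
  • Suggested automatically when Heartbeat detects that context usage is approaching 80%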

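Core idea

Traditional context compaction is one-size-fits-all: the entire conversation is condensed into a single summary, and a large amount of detail is lost in the process.

Smart Compact uses a four-phase progressive strategy that inserts a "preprocessing" stage before /compact:

  1. Scan: identify large tool outputs and key information in the conversation
  2. Extract: write the information worth keeping to the memory file
  3. Check: generate a pre-compaction checklist and flag risk items
  4. Compact: run compaction only after the user confirms it is safe

Core principle: rescue first, compact second; better to save too much than to miss something.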

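Execution flow

Phase 1 — Scan tool outputs

  1. Review all tool call results in the current conversation
  2. Identify large outputs (tool results over 50 lines or 2000 characters)
  3. For each large output, assess:
    • Whether it contains key information (decisions, configuration, error messages, addresses, etc.)
    • Whether it has already been referenced or summarized later in the conversation
    • Whether it is duplicated or redundant (e.g. repeated ls or git status)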

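Phase 2 — Extract memories

  1. Extract information worth persisting from tool outputs and the conversation:

    • Newly discovered facts: addresses, configuration values, endpoints, file paths
    • Decisions and reasons: why option A was chosen over B
    • Errors and solutions: a record of pitfalls encountered
    • User preferences: explicitly stated likes or requirements
    • Task progress: what is done and what is not yet done
  2. Append the extracted information to memory/YYYY-MM-DD.md

    • Use edit (append mode); never overwrite existing content
    • Attach a short source note to each memory entry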

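Phase 3 — Generate the pre-compaction checklist

Output a structured checklist:

📋 Smart Compact Checklist
━━━━━━━━━━━━━━━━━━━━━━

📊 Scan statistics:
- Total tool calls: N
- Large outputs (>50 lines): N
- Already referenced/summarized: N
- Safe to compact: N

💾 Extracted to memory:
- [+] New fact: brief description...
- [+] Decision record: brief description...
- [+] Error resolution: brief description...
(N entries in total written to memory/YYYY-MM-DD.md)

⚠️ Needs attention:
- [!] The output of some tool contains important data that has not yet been referenced
- [!] Some configuration value appears only in tool output

✅ Recommendation: safe to run /compact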

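Phase 4 — Run compaction (optional)

  • If the checklist shows "✅ safe to compact", prompt the user to confirm
  • After the user confirms, run /compact
  • If there are ⚠️ warning items, resolve them before compacting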

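Rules

Must follow

  • Never discard key information that has not been recorded: better to save too much than to miss something
  • Append-only writes: only use edit to append to the memory file; never overwrite
  • No automatic compaction: unless the user explicitly confirms, only generate the checklist
  • Transparency: tell the user about every step taken

Information classification criteria

  • Must save: important configuration, addresses and endpoints, file paths, error solutions
  • Recommended to save: decision reasons, user preferences, task progress
  • Can discard: repeated ls output, search results that have already been summarized, intermediate debugging steps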

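Working with the Dream Skill

Smart Compact and Dream are complementary:

  • Smart Compact: real-time; rescues information before compaction → writes to the daily log
  • Dream: periodic; consolidates the daily logs into long-term memory → updates MEMORY.md

Recommended workflow:

  1. Trigger Smart Compact at any point in a conversation to protect information
  2. Dream consolidates the daily logs into long-term memory in the early hours of each day
  3. Together they form a complete memory-protection chain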
