Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Responses Third-Party Prompt Cache Patch

Patch an installed OpenClaw dist bundle so third-party OpenAI-compatible Responses endpoints keep prompt_cache_key and prompt_cache_retention instead of havi...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The scripts and SKILL.md align with the stated purpose (patching shouldStripResponsesPromptCache in installed OpenClaw bundles). One minor inconsistency: the registry metadata lists no required binaries, but the SKILL.md and scripts explicitly require Python 3 to run the scripts and Node.js for syntax validation (node --check). That mismatch is likely an oversight in metadata but should be corrected before install.
Instruction Scope
The SKILL.md and included scripts limit actions to locating an OpenClaw installation, creating timestamped backups, applying a narrow textual replacement inside the target function, validating with node --check, and supporting dry-run and rollback. The scripts read and write files under the installation's dist/ directory (expected for the stated purpose). They do not perform network calls, read unrelated system credentials, or send data externally.
Install Mechanism
This is instruction-only (no install spec); the shipped Python scripts run locally and perform file operations. No remote downloads, package installs, or extract-from-URL steps are present. The risk is limited to local file modification rather than pulling arbitrary code from the network.
Credentials
The skill requests no environment variables, keys, or credentials. The runtime requirements (Python and Node) are proportional to the tool's operations and are documented in SKILL.md (though not reflected in the registry metadata).
Persistence & Privilege
The skill is not marked always:true and does not modify other skills or global agent configs. It runs only when invoked. Note: because it alters installed bundles, OpenClaw upgrades may revert the patch and the user must reapply; the scripts include logic to detect upgrade scenarios and use backups.
Assessment
This tool is a local in-place patcher — review the code before running and follow the recommended workflow: run python3 scripts/patch_prompt_cache.py --dry-run first, test against a copied fixture with --root, confirm backups were created in dist/ before applying, and keep an external copy of backups if you want extra safety. Ensure Python 3 and Node.js are installed and that you have permission to write into the OpenClaw installation. Prefer an upstream/config change if possible, because upgrades can overwrite the patch; if you proceed, keep the rollback script handy.

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.0
latest: vk97afsmkgp8st5rm4es76k7kxh83zt3f

SKILL.md

Responses Third Party Prompt Cache Patch

Patch the installed OpenClaw dist bundle so shouldStripResponsesPromptCache(model) stops deleting prompt_cache_key and prompt_cache_retention for third-party OpenAI-compatible Responses endpoints.

Risks

  • The scripts write directly into the OpenClaw installation directory under dist/.
  • They require Python 3 and Node.js on the target machine.
  • A gateway restart is needed after apply or rollback for the change to take effect.

Quick start

Run from this skill directory:

python3 scripts/patch_prompt_cache.py --dry-run
python3 scripts/patch_prompt_cache.py
openclaw gateway restart

Roll back

python3 scripts/revert_prompt_cache.py
openclaw gateway restart

Target selection

  • Default to the currently installed OpenClaw root by resolving the openclaw executable.
  • Accept --root /path/to/openclaw to patch a copied fixture or a different installation.
  • Scan dist/pi-embedded-*.js first, then fall back to other dist/*.js bundles only if the target function moved.

What the scripts do

scripts/patch_prompt_cache.py

  • Support --dry-run
  • Create timestamped backups before writing
  • Apply a narrow patch only inside shouldStripResponsesPromptCache(model)
  • Run node --check after writing
  • Auto-restore the fresh backup if syntax validation fails
  • Detect already-patched bundles and upgrade-style reapply situations

scripts/revert_prompt_cache.py

  • Restore the latest matching backup for each currently patched bundle
  • Support --dry-run
  • Validate restored files with node --check

Recommended verification flow

  1. Run --dry-run on the real installation.
  2. Copy the target bundle into a fixture and run --root <fixture> for real apply testing.
  3. Run apply again to confirm idempotency.
  4. Run rollback on the same fixture.
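A reviewer can also confirm the "narrow patch only inside shouldStripResponsesPromptCache(model)" claim by diffing a backup against the patched bundle and checking that every changed line falls within that function. The following is an added example, not code from the skill or from OpenClaw; it assumes a line-formatted (non-minified) bundle, and the sample bundle text and helper names are constructed for illustration.

```python
import difflib

FUNC = "shouldStripResponsesPromptCache"  # function name taken from the page

def function_span(lines, name):
    """Return (first, last) 0-based line indexes of `function name(...) {...}`."""
    start = next((i for i, l in enumerate(lines) if f"function {name}(" in l), None)
    if start is None:
        return None
    depth, opened = 0, False
    for i in range(start, len(lines)):
        # Naive brace counting: braces inside strings or comments would skew it.
        depth += lines[i].count("{") - lines[i].count("}")
        opened = opened or "{" in lines[i]
        if opened and depth == 0:
            return start, i
    return None

def changes_outside_function(before, after, name=FUNC):
    """Return (tag, first, last), 1-based in `before`, for each edit outside the function."""
    a, b = before.splitlines(), after.splitlines()
    span = function_span(a, name)
    if span is None:
        raise ValueError(f"{name} not found in backup text")
    lo, hi = span
    outside = []
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, _j1, _j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        if tag == "insert":   # i1 == i2: new lines land just before a[i1]
            inside = lo < i1 <= hi
        else:                 # replace/delete cover a[i1:i2]
            inside = lo <= i1 and i2 <= hi + 1
        if not inside:
            outside.append((tag, i1 + 1, max(i2, i1 + 1)))
    return outside

# Constructed sample text; the real function body is not shown on the page.
BACKUP = "\n".join([
    "function helper(x) {", "  return x + 1;", "}",
    "function shouldStripResponsesPromptCache(model) {",
    "  if (model.thirdParty) {", "    return true;", "  }", "  return false;", "}",
    "function other() {", "  return 0;", "}",
])
NARROW = BACKUP.replace("    return true;", "    return false;")  # edit inside target
WIDE = NARROW.replace("  return 0;", "  return 1;")               # extra edit elsewhere
```

An empty result from changes_outside_function(backup_text, patched_text) means the diff is confined to the target function; any entry names the lines in the backup that changed elsewhere and deserve a manual look before the gateway is restarted.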

Files

4 total