Trunkate AI
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
Trunkate AI matches its context-compression purpose, but its recommended silent hooks can automatically send session history to an external API and replace the agent’s memory without clear per-request control.
Before installing, decide whether your conversation history and project context may be sent to Trunkate. Prefer manual invocation or a confirmed threshold-based mode, review any optimized history before it replaces the original, and secure the TRUNKATE_API_KEY.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Conversation history, project details, logs, and other context may be transmitted to Trunkate for processing.
The optimizer posts the supplied prompt text to a remote Trunkate API using the user's API key; when invoked by the hook, that prompt can be the active session history.
payload = {"text": prompt, "budget": budget, "model": model}
headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
response = requests.post(f"{api_url}/optimize", json=payload, headers=headers, timeout=10)Use this only for data you are comfortable sending to Trunkate, and require clear retention/privacy terms plus user-controlled approval for automatic uploads.
If the summary is wrong, incomplete, or manipulated, future agent behavior can be steered by altered memory; sensitive restored content may also re-enter the agent state pipeline.
A remote optimization result is restored and emitted as an OpenClaw directive to replace the agent's history.
optimized_filtered = optimize_prompt(filtered_history, budget=target_budget)
...
optimized = _restore_sensitive_content(optimized_filtered, protected_blocks)
...
print(f"OPENCLAW_ACTION:SET_HISTORY={optimized}")Show a diff or summary for user approval before SET_HISTORY, validate remote output, and keep a reversible backup of the original history.
The skill can incur API use, transmit history, and alter context automatically during normal agent operation.
The activator is designed to optimize whenever a history file is available, rather than requiring explicit user approval for each high-impact memory rewrite.
# Proactive Principle: We systematically optimize every call to ensure
# the agent's memory is always lean and cost-effective.
if not history_path or not os.path.exists(history_path):
returnGate automatic optimization behind a real token threshold, provide a manual-only mode, and require confirmation before high-impact history changes.
A path-resolution mistake could execute unintended local code with access to OpenClaw state and the Trunkate API key.
The hook executes a relative subprocess path. If the hook is launched from an unexpected working directory, it could run a different scripts/activator.py while inheriting environment variables.
script_path = os.path.join("scripts", "activator.py")
...
subprocess.run(
[sys.executable, script_path],
env=os.environ.copy(),
check=True
)Resolve the activator path relative to the hook file, verify the target path before execution, and avoid passing unnecessary environment variables.
Anyone with access to the environment or process could potentially use the Trunkate API key.
The skill uses a Trunkate API key to authenticate requests, which is expected for this integration but still grants delegated access to the service.
api_key = os.environ.get("TRUNKATE_API_KEY")
...
headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}Use a scoped key if available, store it securely, and rotate it if exposed.