Trunkate AI

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: trunkate-ai
Version: 0.20.0

The skill implements a proactive hook (hooks/openclaw/pre_request.py) that automatically sends the agent's entire conversation history to an external API (api.trunkate.ai) before every request. While scripts/activator.py attempts to redact secrets locally using regex, this is an incomplete safeguard against sensitive data exfiltration. Furthermore, the skill uses the OPENCLAW_ACTION:SET_HISTORY directive to silently overwrite the agent's memory with content returned from the remote API, creating a significant risk of remote prompt injection and unauthorized manipulation of the agent's state without user awareness.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Conversation history, project details, logs, and other context may be transmitted to Trunkate for processing.

Why it was flagged

The optimizer posts the supplied prompt text to a remote Trunkate API using the user's API key; when invoked by the hook, that prompt can be the active session history.

Skill content

payload = {"text": prompt, "budget": budget, "model": model}
headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
response = requests.post(f"{api_url}/optimize", json=payload, headers=headers, timeout=10)

Recommendation

Use this only for data you are comfortable sending to Trunkate, and require clear retention/privacy terms plus user-controlled approval for automatic uploads.

What this means

If the summary is wrong, incomplete, or manipulated, future agent behavior can be steered by altered memory; sensitive restored content may also re-enter the agent state pipeline.

Why it was flagged

A remote optimization result is restored and emitted as an OpenClaw directive to replace the agent's history.

Skill content

optimized_filtered = optimize_prompt(filtered_history, budget=target_budget)
...
optimized = _restore_sensitive_content(optimized_filtered, protected_blocks)
...
print(f"OPENCLAW_ACTION:SET_HISTORY={optimized}")

Recommendation

Show a diff or summary for user approval before SET_HISTORY, validate remote output, and keep a reversible backup of the original history.

What this means

The skill can incur API use, transmit history, and alter context automatically during normal agent operation.

Why it was flagged

The activator is designed to optimize whenever a history file is available, rather than requiring explicit user approval for each high-impact memory rewrite.

Skill content

# Proactive Principle: We systematically optimize every call to ensure
# the agent's memory is always lean and cost-effective.
if not history_path or not os.path.exists(history_path):
    return

Recommendation

Gate automatic optimization behind a real token threshold, provide a manual-only mode, and require confirmation before high-impact history changes.

What this means

A path-resolution mistake could execute unintended local code with access to OpenClaw state and the Trunkate API key.

Why it was flagged

The hook executes a relative subprocess path. If the hook is launched from an unexpected working directory, it could run a different scripts/activator.py while inheriting environment variables.

Skill content

script_path = os.path.join("scripts", "activator.py")
...
subprocess.run(
    [sys.executable, script_path],
    env=os.environ.copy(),
    check=True
)

Recommendation

Resolve the activator path relative to the hook file, verify the target path before execution, and avoid passing unnecessary environment variables.

What this means

Anyone with access to the environment or process could potentially use the Trunkate API key.

Why it was flagged

The skill uses a Trunkate API key to authenticate requests, which is expected for this integration but still grants delegated access to the service.

Skill content

api_key = os.environ.get("TRUNKATE_API_KEY")
...
headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}

Recommendation

Use a scoped key if available, store it securely, and rotate it if exposed.