Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Compact

v1.0.4

Smart context compaction for OpenClaw agents. 4-phase progressive strategy: Scan, Extract, Check, Compact. Before running /compact, this skill scans tool out...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the instructions: a 4‑phase pre-compact flow that scans tool outputs and writes extracted items to memory files. Asking the agent to inspect tool outputs (exec/read/web_fetch/web_search) and write to memory/YYYY-MM-DD.md is proportionate to the stated goal. However, the README/SKILL explicitly lists credentials/login data as an example of 'must save', which is unexpected for a compaction helper and inconsistent with other claims about redaction.
! Instruction Scope
Instructions direct the agent to scan all recent tool call outputs (exec, read, web_fetch, web_search, etc.) and append extracted items to memory files. This is within the stated scope, but it also authorizes persisting potentially sensitive items (addresses, file paths, and explicitly 'login credentials', the SKILL's own wording being '登录凭据'). The SKILL promises redaction but does not define a verifiable redaction mechanism or thresholds, so the agent could persist secrets if redaction is imperfect or absent. The instructions also rely on an 'edit' append tool; the behavior and permissions of that tool are not specified here.
Install Mechanism
Instruction-only skill with no install spec or code files; lowest install risk. README suggests optional cloning from GitHub or curl to download SKILL.md, which are normal but require verifying the repository source before fetching code.
! Credentials
The skill declares no required env vars or credentials (good), but it writes persistent files containing extracted data. The explicit examples show it may store network addresses, config values, and even credentials. Persisting credentials is disproportionate for a context compaction helper and raises risk if redaction fails. No mechanism is provided to scope which categories are saved automatically vs require user approval beyond the final compact confirmation.
Persistence & Privilege
The skill performs persistent, append-only writes to memory/YYYY-MM-DD.md. It does not request always: true or other elevated runtime privileges, and it claims not to auto-compact. Append-only behavior and user confirmation before /compact reduce some risk, but persistent storage of sensitive data still increases the blast radius if the files are misused or their permissions are lax.
What to consider before installing
This skill mostly does what it says (scan → extract → checklist → optionally compact) and is low-risk in install footprint, but there is a clear inconsistency: the docs both promise 'sensitive data will be redacted' and list 'login credentials' (登录凭据) as an example of items to save. Before installing or using:
1) Inspect the memory/YYYY-MM-DD.md files it creates and their filesystem permissions.
2) Run it in 'compact check' mode only and verify that secrets are not saved.
3) Confirm what 'redaction' actually does by feeding it sample inputs and comparing the outputs.
4) Avoid running it on conversations containing real credentials or secrets until you are confident redaction works.
5) If you plan to install via the suggested GitHub repo, review that repo (or clone via a secure channel) rather than blindly curl'ing raw files.
If redaction is unreliable or credentials are being persisted, do not use the skill for sensitive contexts.
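The following script is an added example for steps 1 to 3 above; it is not part of Smart Compact, ClawHub, or the OpenClaw scanner. It audits the memory/*.md files a compaction helper writes for lax permission bits and for secret-shaped content, and shows what a verifiable redaction step looks like (deterministic rules you can test by feeding known secrets through them). The secret patterns, the sample memory file, and the file layout are assumptions: the skill does not publish its redaction rules, so this list is a baseline to extend for your own environment.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumed secret patterns. Smart Compact does not publish its redaction rules,
# so this list is a baseline of what a compaction helper should never persist.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*\S{6,}"),
    "url_with_credentials": re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@"),
}

# Any group/other permission bit on a memory file is treated as lax (POSIX modes).
GROUP_OR_OTHER_BITS = stat.S_IRWXG | stat.S_IRWXO


def redact_line(line):
    """Replace anything matching SECRET_PATTERNS with a labelled placeholder.
    Because the rules are explicit, the effect can be checked: the same scanner
    run over the redacted output must find nothing."""
    for name, pat in SECRET_PATTERNS.items():
        line = pat.sub(f"[REDACTED:{name}]", line)
    return line


def scan_memory_file(path):
    """Return (file, line_no, kind, masked_excerpt) tuples for one memory file.
    line_no 0 is used for file-level findings such as permissions."""
    findings = []
    mode = path.stat().st_mode
    if mode & GROUP_OR_OTHER_BITS:
        findings.append((path.name, 0, "lax_permissions", oct(stat.S_IMODE(mode))))
    with path.open(encoding="utf-8") as fh:
        for line_no, line in enumerate(fh, 1):
            for name, pat in SECRET_PATTERNS.items():
                m = pat.search(line)
                if m:
                    # Mask the hit so the audit report is not a second copy of the secret.
                    findings.append((path.name, line_no, name, m.group(0)[:8] + "..."))
    return findings


def audit_memory_dir(memory_dir):
    """Audit every memory/YYYY-MM-DD.md style file directly under memory_dir."""
    return [f for p in sorted(Path(memory_dir).glob("*.md")) for f in scan_memory_file(p)]


# Constructed sample of what a leaky memory file could look like; not real skill output.
SAMPLE_MEMORY = """# 2025-01-15 (constructed sample)
- Service listens on 10.0.0.12:8443 (from exec output)
- Config file: /etc/app/config.yml
- DB password: hunter2secret
- Seen in web_fetch output: AKIAIOSFODNN7EXAMPLE
- Pasted from read: -----BEGIN RSA PRIVATE KEY-----
- Git remote: https://deploy:s3cretT0ken@git.example.com/repo.git
"""


def demo():
    """Write the sample with lax permissions and audit it, then write a redacted
    copy with mode 0600 and show that the audit of that copy comes back clean."""
    with tempfile.TemporaryDirectory() as tmp:
        leaky = Path(tmp) / "leaky"
        leaky.mkdir()
        f = leaky / "2025-01-15.md"
        f.write_text(SAMPLE_MEMORY, encoding="utf-8")
        os.chmod(f, 0o644)
        before = audit_memory_dir(leaky)

        clean = Path(tmp) / "clean"
        clean.mkdir()
        g = clean / "2025-01-15.md"
        g.write_text("".join(redact_line(l) for l in SAMPLE_MEMORY.splitlines(keepends=True)),
                     encoding="utf-8")
        os.chmod(g, 0o600)
        after = audit_memory_dir(clean)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for hit in before:
        print("BEFORE", hit)
    print("AFTER", after)
```

Run it against the real memory directory with audit_memory_dir("memory") after a 'compact check' run on a conversation seeded with a known fake credential; any finding means the skill's redaction is not doing what the README claims. The excerpt is masked on purpose so that the audit log does not itself become a place where secrets are persisted.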
