
RLM Controller

by Skywyze · GitHub ↗ · v1.2.0
cross-platform ✓ Security Clean
Downloads: 1113 · Stars: 2 · Active Installs: 0 · Versions: 3
Install in OpenClaw
/install rlm-controller
Description
RLM-style long-context controller that treats inputs as external context, slices/peeks/searches, and spawns recursive subcalls with strict safety limits. Use...
Usage Guidance
This skill appears internally consistent and implements the safeguards it documents (path containment, regex timeouts, secret redaction, hard caps on slices/subcalls). Before installing:
  1. Review the few truncated/omitted files (particularly any toolcall emission or spawn code) to confirm tool names are hard-coded and no network calls or dynamic exec of model output are present.
  2. If you operate in a high-security environment, set disableModelInvocation: true so the agent cannot autonomously spawn batches without your approval.
  3. Run the bundled tests locally to validate behavior in your environment (note: SIGALRM-based regex timeouts are Unix-specific).
  4. Confirm cleanup.sh points only at a workspace scratch path you control and adjust CLEAN_ROOT/ignore rules if needed.
If you cannot review the omitted files, treat the skill as 'suspicious' until a full code review is completed.
Capability Analysis
Type: OpenClaw Skill
Name: rlm-controller
Version: 1.2.0
The skill bundle demonstrates a strong security-first design with multiple layers of defense. Key indicators include robust path validation (`rlm_path.py`) to prevent directory traversal and ensure containment, comprehensive secret redaction (`rlm_redact.py`) for subcall prompts, and strict safelisting of allowed actions and tools (`rlm_async_spawn.py`, `rlm_emit_toolcalls.py`) to prevent arbitrary code execution or tool misuse. All scripts use explicit command arrays for `subprocess` calls, avoiding shell injection. Resource limits are enforced on slices, subcalls, and regex operations (ReDoS protection in `rlm_ctx.py`). The documentation, including a detailed `docs/security_audit_response.md`, transparently discusses design trade-offs like autonomous invocation and outlines specific code-level mitigations implemented. While the `cleanup.sh` script lacks the `rlm_path.py` validation for its environment variables, its scope is confined to designated scratch directories, and the overall design prevents it from being exploited for malicious purposes.
Capability Assessment
Purpose & Capability
Name/description describe a long-context controller and the repository actually contains scripts and docs implementing that behavior (context store, peek/search/chunk, planning, spawn manifest, redaction, cleanup). No unexpected environment variables, binaries, or installers are requested. The presence of test files and policy/docs matches the claimed purpose.
Instruction Scope
SKILL.md instructs the agent to call only bundled helper scripts and OpenClaw tools (read, write, exec, sessions_spawn). Many scripts were provided and they contain explicit safeguards: shared path validation (rejects '..' and enforces realpath containment), regex search timeout to mitigate ReDoS, secret redaction prior to writing subcall prompts, and limits on slices/subcalls. However, a subset of files was omitted from the pasted source (12 files truncated). The docs and an included audit response assert that rlm_emit_toolcalls and related emission code enforce safelists; those enforcement claims are plausible given the shown tests and modules, but full verification requires reviewing the omitted files (notably any file that emits tool names or invokes exec).
Install Mechanism
No install spec (instruction-only skill) and all helper scripts are bundled. This is the lowest-risk install model for skills because no external downloads or extract operations occur at install time.
Credentials
The skill declares no required environment variables, no primary credential, and no required config paths. The redaction logic explicitly targets common secret patterns (PEM blocks, bearer/basic tokens, AWS keys, passwords, long hex strings). Asking for no secrets is proportional to the stated functionality.
Persistence & Privilege
The skill does not set always:true and does not request persistent system privileges. It does allow autonomous model invocation by default (disableModelInvocation not set), which is a documented trade-off: useful for large batch runs but increases the range of autonomous operations. Hard limits (max recursion depth 1, max subcalls/slices/batches) and platform constraints (sub-agents cannot spawn sub-agents) reduce the blast radius. Operators with stricter threat models are advised to set disableModelInvocation: true.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install rlm-controller
  3. After installation, invoke the skill by name or use /rlm-controller
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
- Added new helper scripts: rlm_path.py (path validation) and rlm_redact.py (secret redaction).
- Introduced a cleanup script: scripts/cleanup.sh and new testing files in the tests/ directory.
- Expanded core controller scripts to include rlm_plan.py, rlm_batch_runner.py, and rlm_runner.py.
- Removed duplicate LICENSE.md file, retaining LICENCE.md.
- Updated documentation to reflect new scripts and capabilities.
v1.1.0
- Clarified that all helper scripts are bundled with the skill and not downloaded at runtime.
- Expanded tooling notes to specify that `exec` only invokes bundled, safelisted scripts.
- Added information about toolcall safelisting and validation.
- Documented model invocation: how default/autonomous invocation works and how to enforce user confirmation via OpenClaw config.
- Added a sample security audit response document.
v1.0.0
Initial release of rlm-controller: a secure, scalable scaffold for long-context input processing.
- Handles very large inputs by slicing, searching, and batching subcalls with strict safety policies.
- Core features: context storage, automated planning, async batch scheduling, and structured result aggregation.
- Enforces hard security restrictions: safelisted helper scripts only, shallow recursion, and robust prompt-injection handling.
- Integrates with OpenClaw tools for managing sessions and external context files.
- Includes detailed documentation on flows, policies, and security practices.
Metadata
Slug rlm-controller
Version 1.2.0
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is RLM Controller?

RLM-style long-context controller that treats inputs as external context, slices/peeks/searches, and spawns recursive subcalls with strict safety limits. Use... It is an AI Agent Skill for Claude Code / OpenClaw, with 1113 downloads so far.

How do I install RLM Controller?

Run "/install rlm-controller" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is RLM Controller free?

Yes, RLM Controller is completely free (open-source). You can download, install and use it at no cost.

Which platforms does RLM Controller support?

RLM Controller is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created RLM Controller?

It is built and maintained by Skywyze (@skywyze); the current version is v1.2.0.
