ContextKeeper
Author: Gopinath Nelluri (GitHub) · v0.2.3
Total downloads: 823 · Favorites: 0 · Current installs: 2 · Versions: 7
Install in OpenClaw:
/install contextkeeper
Description
ContextKeeper — Safe project state tracking for AI agents. Manual checkpoint creation with validated inputs. No background processes, no PID manipulation, no...
Usage instructions (SKILL.md)
ContextKeeper 🔮
Safe project state tracking for AI agents
Keeps track of what you're working on across sessions. Create checkpoints manually, view status in dashboard.
Security
| Risk | Mitigation |
|---|---|
| Remote Code Execution | No command substitution with user data |
| PID manipulation | No PID files, no process management |
| Background processes | No watchers, no daemons |
| Injection attacks | Input validated and escaped |
Scripts
Two simple foreground scripts:
| Script | Purpose |
|---|---|
| ckpt.sh | Create checkpoint with message |
| dashboard.sh | View project status |
Usage
```bash
# Create checkpoint
./ckpt.sh "Fixed auth issue"
# View status
./dashboard.sh
```
Requirements
- bash
- git (for project detection)
Part of: TheOrionAI
Security usage advice
This skill appears to be a local checkpoint/dashboard tool that writes JSON checkpoint files to ~/.memory/contextkeeper and reads local git metadata. No network calls or credentials are requested, which is good. However, the README/metadata contains contradictory claims (e.g., 'No command execution' and 'requires: none') while the packaged scripts clearly run shell commands and require git/bash. Before installing or invoking: 1) Review and accept that the skill will create and write files under $HOME/.memory/contextkeeper. 2) Confirm you’re comfortable with local git metadata (file names, recent commits) being stored there. 3) If you need stronger guarantees, run the scripts in a sandboxed environment or inspect them line-by-line (they are simple shell scripts) and consider adjusting them to your policies. The mismatch between documentation claims and included scripts is the main reason for a 'suspicious' rating — likely sloppy documentation, but verify before trusting the skill for sensitive environments.
Functional analysis
Type: OpenClaw Skill
Name: contextkeeper
Version: 0.2.3
The `scripts/ckpt.sh` file contains a JSON injection vulnerability. While most user-controlled inputs are passed through a `json_escape` function, the `files_touched` array is constructed from `git diff --name-only` output without individual filename escaping. An attacker could commit a file with a crafted name (e.g., `foo", "malicious_key": "injected_value`) to inject arbitrary JSON into the checkpoint files, potentially corrupting the agent's state or influencing future behavior. This is a lack of input sanitization, classifying it as suspicious rather than malicious due to the absence of direct evidence of intentional harmful behavior like data exfiltration or RCE within the provided code.
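The mitigation for the `files_touched` issue described above is to escape every filename individually before quoting and joining it. The following is an added example, not the skill's own code: the function names `json_escape_str`, `naive_json_array` and `files_to_json_array` are hypothetical, the file list is constructed, and the real `json_escape` in `ckpt.sh` is not shown on this page.

```bash
#!/bin/sh
# Added example; function names are hypothetical, not taken from ckpt.sh.

# Constructed sample standing in for a newline-separated list of filenames.
SAMPLE_FILES='src/auth.c
foo", "malicious_key": "injected_value
dir\name.txt'

# Escape one string for use inside a JSON string literal.
# Backslash is escaped first, then the double quote; control characters
# are dropped (lossy, but they can never end the string early).
json_escape_str() {
    printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' | tr -d '\001-\037'
}

# Weak form: each name is wrapped in quotes without any escaping.
naive_json_array() {
    out='['; sep=''
    while IFS= read -r name || [ -n "$name" ]; do
        out="${out}${sep}\"${name}\""; sep=', '
    done
    printf '%s]' "$out"
}

# Hardened form: every element is escaped before it is quoted and joined.
files_to_json_array() {
    out='['; sep=''
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue   # skip blank lines
        out="${out}${sep}\"$(json_escape_str "$name")\""; sep=', '
    done
    printf '%s]' "$out"
}

# Show both forms side by side on the constructed sample.
printf 'naive: %s\n' "$(printf '%s\n' "$SAMPLE_FILES" | naive_json_array)"
printf 'safe:  %s\n' "$(printf '%s\n' "$SAMPLE_FILES" | files_to_json_array)"
```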
Capability assessment
Purpose & Capability
Name and description describe a local project checkpoint/dashboard tool. The provided scripts (ckpt.sh, dashboard.sh) implement that behavior: auto-detect git repo, create JSON checkpoints, show status. This capability is coherent with the stated purpose. However, metadata in SKILL.md declares no required binaries while the usage and Requirements section mention bash and git — an inconsistency that should be clarified.
Instruction Scope
SKILL.md and the security table repeatedly state 'No command execution' and similar assurances, but the package includes shell scripts that run git, ln, grep, sed, and optionally python3. The scripts accept a user message and write files under $HOME/.memory/contextkeeper. The scripts include a json_escape function to mitigate injection, but the documentation's claim of 'no command execution' contradicts the presence and intended execution of these scripts.
Install Mechanism
No install spec and no downloads — instruction-only with bundled scripts. This minimizes install risk. Files are executed from repository files; nothing is fetched from external URLs.
Credentials
No environment variables or credentials are requested. Scripts write to $HOME/.memory/contextkeeper and run git locally. That is proportionate for a local project-state tool. There is no network activity or external endpoints in the provided code.
Persistence & Privilege
always:false and model invocation defaults are unchanged. The skill writes persistent state under the user's home directory (~/.memory/contextkeeper) and creates a symlink current-state.json — this is expected for a checkpoint tool and does not modify other skills or system-wide settings.
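How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the dialog box: /install contextkeeper
- Once installation completes, call the Skill by name or trigger it with /contextkeeper
- Provide the required input according to the Skill's parameter description to get structured output
Version history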
v0.2.3
Clean documentation: simplified SKILL.md, removed references to deleted scripts, focused on existing features
v0.2.2
Clean tags: removed version numbers from discovery tags for better discoverability
v0.2.1
SECURITY VERIFIED: Only 2 scripts (ckpt.sh + dashboard.sh). NO background processes. NO lsof/kill. NO PID files. User execution only.
v0.2.0
SECURITY PATCH: Fix RCE via command substitution, remove PID file vulnerabilities, add input validation, JSON escaping
v0.1.2
v0.1.2: Fixed skill structure, use write tool, added dev notes and version history
v0.1.1
Auto-project detection from git + working dashboard script
v0.1.0
Initial release: Auto-project state tracking and intent routing for AI agents
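FAQ
What is ContextKeeper?
ContextKeeper — Safe project state tracking for AI agents. Manual checkpoint creation with validated inputs. No background processes, no PID manipulation, no... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 823 cumulative downloads to date.
How do I install ContextKeeper?
Run the command "/install contextkeeper" in the OpenClaw or Claude Code dialog box for a one-step install; no additional configuration is needed.
Is ContextKeeper free?
Yes, ContextKeeper is completely free (free and open source) and can be freely downloaded, installed and used.
Which platforms does ContextKeeper support?
ContextKeeper runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed ContextKeeper?
Developed and maintained by Gopinath Nelluri (@gopinathnelluri); the current version is v0.2.3.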