ClawHub
Code Pluginsource linked

Dynamic Session Contextv0.2.0

dynamic-session-context

dynamic-session-context·runtime dynamic-session-context·by @spzwin
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:dynamic-session-context
Latest release: v0.2.0Download zip

Capabilities

Tags
executes-code
configSchema
Yes
Executes code
Yes
HTTP routes
0
Runtime ID
dynamic-session-context

Compatibility

Built With Open Claw Version
2026.4.9
Min Gateway Version
2026.4.2
Plugin Api Range
>=2026.4.2
Plugin Sdk Version
2026.4.9
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (dynamic per-session injection of system prompts, skills, provider/model) match the actual implementation: hooks register before_model_resolve and before_prompt_build to inject system context and model/provider overrides; CLI to bind session -> profile; reads/writes profiles.json and session-profiles.json. No unrelated credentials or external network calls are requested.
Instruction Scope
SKILL.md instructs enabling the plugin, defining profiles.json, binding sessions via the CLI, and verifying via logs. That aligns with the code. Note: the docs explicitly direct users to inspect /tmp/dynamic-session-context-final.log — the plugin writes debug and event information (including prompt lengths and hints) to that file. This means runtime input and session-identifying info can be persisted to disk; the instructions encourage inspecting that file.
Install Mechanism
No install spec is present (instruction-only plugin in registry) and the package includes dist/ and source files. Nothing is downloaded from external URLs or installed from untrusted hosts. The plugin is packaged as local OpenClaw plugin code (normal for this kind of extension).
!
Credentials
The plugin does not declare required env vars but the code reads process.env.OPENCLAW_SESSION_LABEL and process.env.DYNAMIC_SESSION_PROFILE as optional fallbacks. While these are not secrets, their use is not documented in SKILL.md. More importantly, the plugin writes logs to /tmp/dynamic-session-context-final.log and persists session->profile mappings to session-profiles.json under the plugin root (configurable). Those files may contain session identifiers, hints extracted from message content, and other runtime metadata — potentially exposing sensitive user content if profiles or messages contain it. No credentials are requested.
Persistence & Privilege
always:false (not forced). The plugin persists session->profile bindings to session-profiles.json and writes logs to /tmp; it also registers CLI commands and runtime hooks. These behaviors are consistent with its function but mean it will modify files in the plugin directory and write to /tmp when enabled. The plugin does not modify other plugins' configs or request elevated system privileges.
Scan Findings in Context
[system-prompt-override] expected: The pre-scan flagged 'system-prompt-override' because the plugin intentionally injects system prompts and overrides model/provider — this is the declared purpose and is expected.
Assessment
This plugin appears to do what it says: inject different system prompts, skills, and provider/model overrides per session and persist session->profile bindings. Before enabling it, consider: 1) Logs: it appends debug and event data (including detected profile hints and prompt lengths) to /tmp/dynamic-session-context-final.log — that file may contain sensitive user messages or session identifiers. If that is a concern, either modify the plugin to disable or relocate logging, or ensure /tmp is secured and rotated. 2) Persistence: session->profile bindings are written to session-profiles.json in the plugin root (configurable via plugin config). Review and secure that file if your profiles or identifiers are sensitive. 3) Environment variables: the code reads OPENCLAW_SESSION_LABEL and DYNAMIC_SESSION_PROFILE as optional fallbacks; these are not documented in SKILL.md—be aware of this behavior if you rely on env-based labeling. 4) Trust and testing: enable the plugin only in trusted environments first, test with non-sensitive sessions to confirm behavior, and inspect the files it writes. The pre-scan detection of 'system-prompt-override' is expected given the plugin's purpose and not, by itself, a sign of maliciousness.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/spzwin/dynamic-session-context
Commit
1
Tag
main
Provenance
No
Scan status
clean

Tags

latest
0.2.0

dynamic-session-context

同一 agent 按不同 session 注入不同上下文 的 OpenClaw 插件。

它能做什么

  • 同一个 agent,在不同 session 中做不同事情
  • 按 session 自定义 system prompt
  • 按 session 动态指定 skills
  • 按 session 指定不同 model/provider
  • 支持显式持久化 session -> profile 绑定

当前结论

在 OpenClaw 2026.4.9 下,这个插件已经验证通过:

  • 按 session 命中不同 profile
  • 注入不同 system prompt
  • 注入不同 skills context
  • 覆盖 provider/model
  • 终端中显式创建/续写 session 并命中对应 profile

已验证的真实命中日志

  • 💾 Using persisted session profile for agent:main:explicit:dsc-explicit-bind-001: devops
  • 🔄 Returning providerOverride: "openai-codex"
  • 🔄 Returning modelOverride: "gpt-5.3-codex"
  • 💉 Returning prependSystemContext ...
  • 🧰 Returning appendSystemContext for skills: docker, kubernetes, github-actions

最终判断

如果你的目标是:

一个 agent,在不同 session 中做不同事情,并根据 session 自定义 system prompt、动态指定 skills

那么答案是:

可以,而且当前版本已经能在已验证链路中稳定实现。

说明:

  • 对显式 session 链路,已经验证可用
  • 对能稳定拿到 sessionKeysessionId 的链路,已经验证可用
  • 对 OpenClaw 所有未知内部链路承诺绝对 100%,目前不做这个承诺

推荐用法

  1. 先启用插件
  2. profiles.json 定义 profile
  3. dsc profile set 绑定 session 和 profile
  4. openclaw agent --local --session-id ... 创建/续写明确 session
  5. 用日志核对 profile 命中情况

启用插件

本插件在 openclaw.plugin.json 中默认是:

"enabledByDefault": false

所以使用前请先在你的 OpenClaw 环境中启用它。

常见做法是通过 OpenClaw 的插件管理能力启用本扩展,然后再执行下面的 CLI 命令。

关于 session-profiles.json

首次发布时,session-profiles.json 为空是正常的:

{}

因为它不是让用户手写的主配置文件,而是运行时 session 绑定表

正确使用方式是:

  1. 先在 profiles.json 里定义 profile
  2. 再通过 openclaw dsc profile set ... 生成绑定

例如:

openclaw dsc profile set \
  --session agent:main:main \
  --session-id example-session-id \
  --profile-name devops

如果想看格式示例,可参考:

session-profiles.example.json

用户怎么使用这个插件

这个插件的使用方式,不是“每次手动调用插件”,而是:

  1. 先在 profiles.json 里定义不同 profile
  2. 再把某个 session 绑定到某个 profile
  3. 之后在这个 session 里正常使用 agent

也就是说,插件是在后台按 session 自动生效的。

一个最常见的使用流程

第一步:定义 profile

例如在 profiles.json 中定义一个 devops

{
  "devops": {
    "systemPrompt": "你是一个 DevOps 工程师",
    "skills": ["docker", "kubernetes", "github-actions"],
    "provider": "openai-codex",
    "model": "gpt-5.3-codex"
  },
  "default": {
    "systemPrompt": "",
    "skills": [],
    "provider": null,
    "model": null
  }
}

第二步:把 session 绑定到 profile

openclaw dsc profile set \
  --session-id devops-session-001 \
  --profile-name devops

第三步:在这个 session 中正常使用 agent

openclaw agent --local \
  --session-id devops-session-001 \
  --message "帮我排查 Kubernetes Pod CrashLoopBackOff" \
  --json

当这个 session 已经绑定到 devops 后,插件会自动为它注入:

  • devops 对应的 system prompt
  • devops 对应的 skills context
  • devops 对应的 provider/model

你可以把它理解成

  • profiles.json 负责定义“有哪些角色/模式”
  • dsc profile set 负责指定“某个 session 用哪个角色”
  • openclaw agent --local --session-id ... 负责真正进入这个 session 使用 agent

CLI 用法

设置绑定

openclaw dsc profile set \
  --session agent:main:main \
  --session-id 5b395e35-c1ee-4a9c-b645-6ec8aa07eee0 \
  --profile-name devops

查看绑定

openclaw dsc profile get \
  --session agent:main:main \
  --session-id 5b395e35-c1ee-4a9c-b645-6ec8aa07eee0

清除绑定

openclaw dsc profile clear \
  --session agent:main:main \
  --session-id 5b395e35-c1ee-4a9c-b645-6ec8aa07eee0

列出绑定

openclaw dsc profile list

重要说明

set 子命令请使用:

--profile-name

不要再使用:

--profile

因为它会和 OpenClaw 根 CLI 的全局 --profile 冲突。

文档入口

  • 新手安装、启用插件与第一次跑通:QUICKSTART.md
  • 完整使用手册、终端验证步骤、问题复盘和结论报告:README-DETAIL.md