RLM Controller Skill

What it does

Provides a safe, policy-driven scaffold to process very long inputs by:

• storing the input as an external context file
• peeking/searching/chunking slices
• spawning subcalls in batches
• aggregating structured results

When to use

• Inputs too large for context window
• Tasks requiring dense access across the input
• Large logs, datasets, multi-file analysis

Core files (this skill)

Executable helper scripts are bundled with this skill (not downloaded at runtime):

• scripts/rlm_ctx.py — context storage + peek/search/chunk
• scripts/rlm_plan.py — keyword-based slice planner
• scripts/rlm_auto.py — plan + subcall prompts
• scripts/rlm_async_plan.py — batch scheduling
• scripts/rlm_async_spawn.py — spawn manifest
• scripts/rlm_emit_toolcalls.py — toolcall JSON generator
• scripts/rlm_batch_runner.py — assistant-driven executor
• scripts/rlm_runner.py — JSONL orchestrator
• scripts/rlm_trace_summary.py — log summarizer
• scripts/rlm_path.py — shared path-validation helpers
• scripts/rlm_redact.py — secret pattern redaction
• scripts/cleanup.sh — artifact cleanup
• docs/policy.md — policy + safety limits
• docs/flows.md — manual + async flows

Usage (high level)

1. Store input via rlm_ctx.py store
2. Generate plan via rlm_auto.py
3. Create async batches via rlm_async_plan.py
4. Spawn subcalls via sessions_spawn
5. Aggregate results in root session

Tooling

• Uses OpenClaw tools: read, write, exec, sessions_spawn
• exec is used only to invoke the safelisted helper scripts bundled in scripts/
• Does not execute arbitrary code from model output
• All emitted toolcalls are validated against an explicit safelist before output

Autonomous Invocation

• This skill does not set disableModelInvocation: true
• Operators who want explicit user confirmation before every spawn/exec should set disableModelInvocation: true in their OpenClaw configuration
• In default mode, the model may invoke this skill autonomously; all operations remain bounded by policy limits

Security

• Only safelisted helper scripts are called
• Max recursion depth = 1
• Hard limits on slices and subcalls
• Prompt injection treated as data, not instructions
• See docs/security.md for foundational safeguards
• See docs/security_checklist.md for pre/during/post run checks

OpenClaw sub-agent constraints

Per OpenClaw documentation (subagents.md):

• Sub-agents cannot spawn sub-agents
• Sub-agents do not have session tools (sessions_*) by default
• sessions_spawn is non-blocking and returns immediately

Cleanup

Use scripts/cleanup.sh after runs to purge temp artifacts.

• Retention: CLEAN_RETENTION=N
• Ignore rules: docs/cleanup_ignore.txt (substring match)

Configuration

See docs/policy.md for thresholds and default limits.