Julia's OpenClaw Token Optimizer
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: julia-openclaw-token-optimizer Version: 1.0.0 The skill is designed to optimize LLM costs by searching for pricing data and updating OpenClaw configurations. While it utilizes the 'gateway config.patch' capability to modify system settings, this behavior is explicitly documented and aligned with its stated purpose in SKILL.md and clawhub.json. No evidence of data exfiltration, malicious prompt injection, or unauthorized access was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent's default model could be changed persistently, which may affect future answer quality, cost, provider routing, or rate-limit behavior.
The skill instructs the agent to patch model-selection configuration, including defaults, but the artifacts do not require explicit user approval, scope the patch to a session/profile, or provide a rollback plan.
3. gateway config.schema.lookup 'agents.defaults.modelSelection'. ... 6. gateway config.patch {modelSelection: {primary: 'best-cheap-model'}}.Use this only with an explicit approve-before-patch workflow: require the agent to show the proposed config diff, expected cost/quality tradeoff, target scope, and rollback command before making changes.
Benchmark prompts may be processed by additional models and may consume tokens; private or sensitive prompts should not be used as test data unless intentionally approved.
Benchmarking through a subagent/model is aligned with the optimizer purpose, but it does involve sending prompts through another agent/model boundary.
4. Benchmark: spawn subagent with test prompts on cheap models.
Use synthetic benchmark prompts, disclose which models/providers will be tested, and get user approval before sending any sensitive content.