Openclaw Context Optimizer

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill’s core compression behavior is disclosed, but it automatically changes and stores request context and encourages agents with wallet access to pay for Pro without human approval.

Install only if you are comfortable with a skill that can automatically compress and alter request context, keep local history of original/compressed context, and present payment workflows to agents. Do not provide wallet access unless spending is tightly limited and every transaction requires explicit human approval.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent has access to a funded wallet, it could spend funds on the Pro subscription or renewals based on the skill’s guidance.

Why it was flagged

The skill asks users to delegate funded-wallet payment authority to an agent for subscription purchases, which is high-impact financial authority beyond ordinary context compression.

Skill content

If you're a human running an AI agent, you can: 1. **Let the agent pay** - Give your agent access to a funded wallet with x402 support

Recommendation

Do not give the agent an unrestricted funded wallet. Require explicit human approval, spending limits, and a separate low-balance wallet for any x402 payments.

What this means

A user may not realize the skill is designed to let agents decide and pay for upgrades on their own.

Why it was flagged

The documentation frames autonomous payment without human approval as an intended workflow, which can influence agents to make financial decisions outside the user’s direct consent.

Skill content

Agents autonomously pay for services (via x402) - **No human in the loop**

Recommendation

Treat all subscription and payment actions as user-approved only. Configure the agent to ask before any wallet transaction, regardless of ROI claims.

What this means

Private prompts, conversation history, or project details may be saved locally in the skill’s database and later viewed in history or reused for learning.

Why it was flagged

The database schema stores both the original and compressed request context, which may include sensitive user or project information and persists beyond the immediate request.

Skill content

original_context TEXT,
compressed_context TEXT

Recommendation

Avoid using this skill with highly sensitive context unless you are comfortable with local persistence. Look for retention, deletion, exclusion, and encryption controls before enabling automatic hooks.

What this means

Important details could be pruned or summarized incorrectly, affecting model responses or downstream actions.

Why it was flagged

The hook automatically replaces request context with compressed text before processing. This is central to the skill’s purpose, but it can change what the model sees.

Skill content

requestData.context = compressionResult.compressed;

Recommendation

Use conservative settings for important work, review compression history, and disable or avoid automatic compression for tasks where exact context is required.

What this means

Installation may depend on third-party packages or package resolution not fully represented by the registry metadata.

Why it was flagged

The package uses external Node dependencies with semver ranges, while the registry says there is no install spec and the source is listed as unknown.

Skill content

"dependencies": {
  "better-sqlite3": "^11.0.0",
  "express": "^4.18.2",
  "commander": "^12.0.0"
}

Recommendation

Install only from a trusted source, review the package lock or resolved dependency versions, and prefer pinned dependencies for production use.