Skill v3.8.0

ClawScan security

Token Pilot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 27, 2026, 2:27 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files and runtime instructions are internally consistent with its stated purpose (token optimization), but it will read and actively modify many agent workspace files (injecting rules into every AGENTS.md, creating a .initialized marker, and optionally applying workspace cleanups/cron edits), so review and back up before consenting to changes.
Guidance
This skill appears to do what it says (audit workspaces and inject token-saving rules), but it is intrusive. Before enabling or running init.sh/optimize.js:
1) Review the bundled scripts (init.sh, uninstall.sh, audit.js, optimize.js) yourself to confirm there are no unexpected commands; they are included with the skill.
2) Back up your workspace AGENTS.md files and openclaw.json so you can restore the prior state.
3) Prefer running audit.js first (read-only) to see the recommended changes before agreeing to injection or running optimize.js with --apply.
4) When running init.sh, do not use --yes unless you understand and accept bulk modifications to every agent.
5) For safer testing, run the init script in a copy of ~/.openclaw or in a single agent directory first.
If anything in the scripts looks unexpected, or you cannot interactively confirm prompts (headless CI), treat --yes/--apply with extra caution.

Review Dimensions

Purpose & Capability
ok: The name and description (automatic token optimization) align with the provided artifacts: SKILL.md documents the optimization rules, and the bundled scripts implement auditing, injecting a small rule block into AGENTS.md, cataloging skills, and suggesting cron/model routing changes. There are no unrelated required env vars or external binaries; the code present (init.sh, audit.js, optimize.js, uninstall.sh) directly supports the declared purpose.
Instruction Scope
note: Runtime instructions explicitly tell the agent to enumerate and read AGENTS.md for all agents, run an init script that writes a 36-line rules block into every agent's AGENTS.md (after a preview/confirmation), run audit.js (which reads the workspace, configs and skills), and optionally run optimize.js, which can move or delete files when invoked with --apply. These operations are within the scope of a workspace-level 'token optimizer' but are intrusive: they perform cross-agent writes and may modify openclaw.json or cron when asked. The SKILL.md states that the init path asks for user consent (unless --yes), which mitigates but does not eliminate the risk of broad changes.
Install Mechanism
ok: No external install spec or downloads are used. The skill is instruction-only, with bundled scripts (pure Node.js and POSIX shell) that run locally. This is low-risk from an install-source perspective because no remote code is fetched at install time.
Credentials
ok: The skill does not request any environment variables, credentials, or external tokens. All file access is scoped to the user's OpenClaw home (~/.openclaw) and the workspace; the requested access is proportional to the stated functionality (auditing, injecting into AGENTS.md, scanning configs).
Persistence & Privilege
note: The skill is not marked always: true and does not request special platform privileges, but it writes persistent changes: injecting rule blocks into all AGENTS.md files, creating a .initialized flag, and offering automated cron suggestions and --apply optimizations that can move or delete files. Autonomous invocation is allowed by default on the platform; combined with scripts that can be run with a --yes or --apply flag, this grants the skill the ability to make broad workspace changes if the user (or an automated flow) consents.