Bw Openclaw Boost

This package appears to implement local cost, memory, compaction and coordination tools and does not fetch remote code or request credentials — but there are a few things to check before installing: - Data exposure: several scripts run the 'openclaw status' CLI and parse its output, then write session identifiers and other status lines to local logs/reports under ~/.openclaw/bw-openclaw-boost/memory/logs and cost reports. Inspect what 'openclaw status' prints on your system; if it includes session tokens, channel keys, or other sensitive identifiers you may not want those persisted. - Installation path vs. claims: SKILL.md says it "does not access global ~/.openclaw" but install.sh places the skill under ~/.openclaw/bw-openclaw-boost. That is a subdirectory of the app's home; this is probably fine, but if you expected the skill to live elsewhere (e.g., completely outside ~/.openclaw), be aware of that mismatch. - Review permission_manager.py and tools/check_permission.sh: these implement local permission checks. Before enabling automation, read those files to verify the ask/allow/deny behavior and whether any actions could be escalated. - Run offline / sandboxed first: because the tool writes local logs and can persist parsed status output, consider installing to a temporary location or running the scripts manually (python3 tools/*.py) to observe what it logs before enabling any automation. - Minor bug: launch.sh contains a typo in the all-status branch ($PYOLS_DIR/token_budget.py). This is a non-security bug but will break that command. If you want, I can: (1) list every file that writes to disk and where it writes; (2) scan the code for exact places that persist 'openclaw status' strings into files; or (3) produce a short checklist you can run to verify 'openclaw status' output details on your system.