Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw ElonTools Optimizer v3 — Safe Edition

v3.0.0

SAFE optimizations for OpenClaw: only settings that save tokens with NO risk of context loss or infinite loops. WHEN TO USE: - Setup...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the instructions: the skill is an instruction-only preset that patches OpenClaw gateway configuration to use a cheaper heartbeat model, auto-archive sub-agents, prune sessions, and disable listed plugins. Those capabilities are consistent with a configuration-optimizer skill. One mismatch: the README strongly warns never to change contextPruning/compaction/etc., yet the example 'factory defaults' config.patch shown earlier modifies contextPruning/compaction — this contradiction needs clarification.
Instruction Scope
The runtime instructions tell the agent to read the included preset JSON and run gateway(action="config.patch", raw=...) and gateway(action="config.get"). That is expected for applying system-wide config changes, but: (1) the SKILL.md contains an explicit 'factory defaults' config.patch that modifies contextPruning and compaction (contradicting the 'DO NOT touch contextPruning' advice), and (2) the static scan flagged a 'system-prompt-override' pattern in the SKILL.md. Although no explicit system prompt field is present in the provided JSON, the combination of gateway config patching and injection-like wording increases risk if the patch content is altered or misapplied. The skill does not instruct the agent to read other files or environment variables beyond its own preset.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. Lowest-risk install mechanism.
Credentials
No required environment variables, credentials, or config paths are declared. The changes are limited to gateway configuration calls described in the SKILL.md and the included preset JSON. That is proportionate to a config optimizer.
Persistence & Privilege
The skill does not request always:true and is user-invocable. However, it explicitly instructs performing gateway config patches that modify agent-wide defaults (heartbeat model, plugins, session maintenance). Those are system-level changes and should be treated as privileged operations — the user must ensure they have backups and proper authorization before applying. Autonomous invocation was not disallowed; combined with gateway patching this increases blast radius if misused.
Scan Findings in Context
[system-prompt-override] unexpected: The scanner detected a system-prompt-override pattern in SKILL.md. The skill is about applying gateway configuration patches; altering system prompts or bootstrap settings would be out-of-scope and dangerous. The pattern is not expected for a safe optimizer and warrants extra scrutiny. No explicit system prompt modification appears in the included preset JSON, but the warning and the example config.patch that touches contextPruning/compaction are inconsistent and concerning.
What to consider before installing
This skill is mostly coherent with its stated goal (safe OpenClaw config tweaks) but has two red flags you must address before running it: (1) a contradiction: the doc repeatedly warns 'NEVER' to touch contextPruning/compaction/etc., yet it shows an example factory-defaults config.patch that changes contextPruning and compaction; do NOT run that patch until you understand why it's needed and have a backup; (2) a pre-scan 'system-prompt-override' pattern was detected in SKILL.md, which increases the risk if configuration patches are altered.

Practical next steps:
- Inspect your current gateway configuration with gateway(action="config.get") and export/save a full backup before applying anything.
- Manually review the exact JSON you will send to gateway(action="config.patch"). The included preset (references/preset-safe.json) is visible and disables many plugins and sets heartbeat.model to "elon/claude-haiku-4-5"; confirm you want those changes and that you have access to that model.
- Do not blindly run the 'factory defaults' snippet; ask the skill author to explain why that patch changes contextPruning despite the 'never change' rule, or test in a staging environment first.
- If you rely on any of the listed plugins (WhatsApp, Discord, Slack, etc.), do not apply the plugin-disable section or edit it to preserve those entries.
- Prefer applying changes incrementally and verifying agent behavior (heartbeats, session pruning) rather than a single global patch.

If you want higher assurance, request the skill author to remove or explain the factory-defaults snippet, remove the contradictory guidance, and provide a clear, single atomic patch that does not touch contextPruning/compaction/bootstrap settings.
SKILL.md:84
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.
