Cost Optimizer
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent cost-optimization/configuration helper, but it can read and modify local agent configuration and write context snapshots, so users should review what it applies.
This looks safe to install for its stated purpose, but treat generated config changes as important: review the diff, keep backups, confirm any routing to DeepSeek/Gemini/Claude is acceptable, and inspect or delete context snapshots that may contain private project information.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Applying the generated config may change which models the agent uses, cost limits, heartbeat behavior, and reporting settings.
The skill is designed to write or update OpenClaw configuration, which can change future agent behavior. The documented diff preview and backup make this purpose-aligned rather than suspicious.
Generates optimized config with diff preview ... Backs up existing config before applying (`openclaw.json.bak.{timestamp}`) ... Validates JSON after writingReview the diff before applying, keep the backup, and verify the routing and budget settings match your preferences.
The agent may inspect local OpenClaw or Claude Code settings while generating optimization recommendations.
The heartbeat optimization workflow reads user-level and project-level agent configuration files. This is relevant local configuration access, but it is disclosed and tied to the stated purpose.
cat ~/.openclaw/config.json ... cat ~/.claude/settings.json ... cat ./.claude/settings.json
Check those config files for secrets before use, and avoid letting the skill print or store sensitive settings unnecessarily.
Sensitive project details or conversation content could remain in a local snapshot file and be reused in later sessions.
Context compression persists a local snapshot that may include summaries of files, tool results, decisions, todos, and recent conversation turns.
将压缩后的上下文摘要写入 `.context-snapshot.md` ... 最近对话(完整) {last_5_turns}Inspect `.context-snapshot.md`, remove secrets or private details, and delete the snapshot when it is no longer needed.
If applied, the agent may continue running configured heartbeat/reporting behavior across future sessions.
The sample configuration enables recurring heartbeat behavior and daily reporting. This is disclosed as a core feature, but it is persistent agent activity.
"heartbeat": { "enabled": true, "base_interval_minutes": 45 ... }, "reporting": { "auto_report_interval": "daily"Disable heartbeat or daily reporting if you do not want recurring activity, and confirm the configured intervals and cost caps.