v1.0.1

Cost Optimizer

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:54 AM.

Analysis

The skill is mostly coherent for cost optimization, but it instructs the agent to read full local OpenClaw/Claude configuration files, and it can write routing and heartbeat configuration and persist context snapshots to the workspace, so users should review it before installing.

Guidance: Install only if you are comfortable with a cost-optimization skill that can inspect local agent configuration, write optimized config files, save context snapshots, and route tasks to non-default model providers. Before applying generated configs, check the diff, make sure backups are created, and avoid running the heartbeat/config inspection on files that may contain secrets.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
allowed-tools: Bash, Read, Write, Edit, Grep, Glob, Agent

The skill requests broad shell, file read/write/edit, search, and agent tooling. This is partly aligned with config generation and reporting, but it is wider than simple recommendation-only behavior.

User impact: If invoked, the skill has authority to inspect files and modify configuration files, not just calculate cost estimates.
Recommendation: Review proposed commands and diffs before allowing writes; prefer narrower permissions if you only want cost estimates or model recommendations.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
openclaw.json
"heartbeat": { "enabled": true, "base_interval_minutes": 45 ... } ... "auto_report_interval": "daily"

The included configuration enables recurring heartbeat behavior and daily reporting after the configuration is applied.

User impact: The agent environment may continue performing periodic cost/heartbeat/reporting actions beyond the immediate command.
Recommendation: Review the generated or included configuration before applying it, and disable heartbeat or daily reporting if you do not want recurring activity.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
cat ~/.openclaw/config.json 2>/dev/null ... cat ~/.claude/settings.json 2>/dev/null

The skill tells the agent to read whole user-level OpenClaw and Claude configuration files. These files may contain account, provider, workspace, or other sensitive settings, and the artifacts do not describe field-level filtering or secret redaction.

User impact: Running the heartbeat optimization could expose local agent configuration details to the active conversation and any model/provider handling that conversation.
Recommendation: Only run the heartbeat/config inspection if you are comfortable sharing those settings with the agent; the skill author should narrow reads to heartbeat fields, redact secrets, and declare these config paths.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Write the compressed context summary to `.context-snapshot.md` ... `## 最近对话(完整) {last_5_turns}`

The compression feature persists a context snapshot containing summaries, active files, pending items, and recent conversation turns.

User impact: Private prompts, file summaries, decisions, or untrusted instructions from prior context could be saved in the workspace and later reloaded into another conversation.
Recommendation: Inspect or delete .context-snapshot.md when it may contain sensitive information, and avoid loading old snapshots blindly into new sessions.
Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
openclaw.json
"model": "deepseek/v3" ... "model": "gemini-2.0-flash" ... "model": "claude-sonnet-4-6"

The preset routing configuration sends different task classes to different model providers, including DeepSeek, Gemini, and Claude-family models.

User impact: Prompts, code context, or configuration details may be processed by whichever provider the routing rules select.
Recommendation: Confirm that each configured provider is acceptable for your code and data before applying the routing configuration.