StartClaw-Optimizer
Security checks across malware telemetry and agentic risk
Overview
This skill shows no evidence of data theft or destruction, but it tries to control every response and model choice globally and points users to an unpinned remote package, so it should be reviewed before installation.
Install only if you intentionally want a global cost/model-routing optimizer. Verify the npm package source and version before running the install command, and be cautious about allowing it to compact or pass sensitive conversation context into subagents.
VirusTotal
66/66 vendors reported this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change how it responds or which model it uses even when the user did not ask for optimization, potentially reducing answer quality or overriding explicit preferences.
This makes the skill's routing policy globally authoritative for every answer and model choice, rather than limiting it to a bounded user-invoked task.
APPLIES TO EVERY RESPONSE... This skill MUST run before every response... Never use Opus.
Scope the optimizer to explicit user requests, or clearly mark and obtain user consent for always-on global routing and compaction behavior.
A user following the setup command could execute package code that was not actually reviewed in this artifact set.
The documentation directs users to install a remote npm package without a pinned version, while the registry source is unknown and no install spec is declared, so the installed package may differ from the reviewed artifacts.
npm install @startclaw/openclaw-optimizer
Provide a pinned install specification, verified source/homepage, lockfile or integrity data, and ensure the registry version matches the packaged code.
If wrapped around a mutating task, failures could cause the same action to run multiple times.
The scheduler can retry arbitrary task functions and run preflight/postflight hooks. This is purpose-aligned for automation, but it lacks built-in safeguards for non-idempotent or high-impact actions.
while (attempt < this.maxRetries) ... await this.runWithTimeout(task, context) ... await hook(context);
Use the scheduler only for idempotent or user-approved tasks, and add confirmation or rollback handling for actions that change user data or external systems.
Important details could be summarized incorrectly or prior conversation content could influence later subagent behavior more strongly than expected.
The component tracks session context and reuses compacted summaries as system-level context for later subagent work, which is central to its purpose but can carry forward sensitive or misleading prior context.
this.sessionTokens = new Map(); ... const compactedContext = [ ...criticalContext, { role: 'system', content: summary } ];
Avoid including secrets in contexts passed to the compactor, review summaries for important work, and keep generated summaries clearly separated from trusted system instructions where possible.
