Openclaw Cache Kit
Security checks across malware telemetry and agentic risk
Overview
This skill appears to do what it claims—edit local OpenClaw caching settings—but it will change global OpenClaw defaults, enable a recurring heartbeat, and write local cache diagnostics.
Before installing, be comfortable with a local script editing ~/.openclaw/openclaw.json, restarting the OpenClaw gateway, and enabling a persistent 59-minute heartbeat. Keep the backup path printed by the script, review cache-trace logs for sensitive content, and restore the backup if the changes are not wanted.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the script can change how all default OpenClaw agents behave and may restart the local gateway.
The user-run script directly modifies OpenClaw default agent configuration and restarts the gateway. This is consistent with the caching purpose, but it affects live OpenClaw behavior.
deep_set(config, ["agents", "defaults", "contextPruning", "ttl"], "1h") ... openclaw gateway restart 2>&1 || true
Review the generated backup and the changed openclaw.json settings before relying on them; restore the backup if the changes are not desired.
OpenClaw may continue making periodic cache-maintenance activity, which can affect API usage and cost.
The script configures a recurring heartbeat. This is disclosed as part of the cache-retention strategy, but it is persistent background behavior after the setup command completes.
deep_set(config, ["agents", "defaults", "heartbeat", "every"], "59m")
Install only if you want ongoing heartbeat behavior; use the printed restore command or edit openclaw.json to disable it later.
Cache trace files under the OpenClaw log directory may contain information about system context or cache behavior that should not be broadly shared.
The script enables cache trace diagnostics and includes system-level data while disabling messages and prompt logging. Local diagnostic logs can still expose operational/system context depending on OpenClaw's log format.
deep_set(config, ["diagnostics", "cacheTrace", "enabled"], True) deep_set(config, ["diagnostics", "cacheTrace", "includeSystem"], True)
Check the contents and permissions of ~/.openclaw/logs/cache-trace.jsonl and prune or disable diagnostics if the logs contain sensitive context.
A user may not know from the registry metadata that local command-line tools are needed before running the scripts.
The metadata does not declare required binaries, while the included apply script checks for the openclaw CLI and python3. This is an install metadata gap, not hidden execution.
Required binaries (all must exist): none ... Install specifications: No install spec — this is an instruction-only skill.
Confirm openclaw, bash, and python3 are installed before running the setup script.