prompt-optimizer

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill does not show malware or data theft, but it persistently installs prompt-routing rules into shared agent memory, which can change future agent behavior beyond a single invocation.

Review this skill before installing. It appears purpose-aligned, but it works by changing persistent OpenClaw memory, so install it only if you want prompt optimization and routing rules to affect future agent behavior. After installation, inspect ~/.openclaw/workspace/memory/agent-notes.md and confirm you can remove the appended rules if needed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Future agent sessions may continue following these prompt-optimization and routing rules, even when the user is not explicitly invoking this skill.

Why it was flagged

The installer appends the skill's prompt rules into shared OpenClaw memory rather than keeping them scoped to one invocation or one skill file.

Skill content

MEMORY_FILE="$HOME/.openclaw/workspace/memory/agent-notes.md" ... cat "$RULES_FILE" >> "$MEMORY_FILE"

Recommendation

Install only if you want global prompt-optimization behavior. Keep the backup, inspect agent-notes.md after install, and verify uninstall removes or lets you remove the appended section.

What this means

The agent may reinterpret or expand your requests before answering, and L1-L3 tasks may proceed without asking you to approve the optimized prompt.

Why it was flagged

The skill intentionally changes the agent workflow so most requests are optimized in the background and executed without a separate confirmation step.

Skill content

> Core principle: implicit optimization by default + direct execution, no confirmation required

Recommendation

For sensitive or side-effecting work, explicitly ask the agent to show the optimized prompt and wait for confirmation before execution.

What this means

It is harder to confirm the package source or compare it with an upstream repository.

Why it was flagged

The declared repository URL is a placeholder, which weakens provenance verification for a package that includes installer scripts and persistent memory changes.

Skill content

"url": "https://github.com/your-repo/prompt-optimizer.git"

Recommendation

Prefer the reviewed ClawHub package, avoid cloning the placeholder repository, and ask the maintainer to publish a real repository and complete metadata.