Low-Spec Optimizer
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is not obviously malicious, but its cleanup script can delete more OpenClaw session data than intended and should be reviewed before use.
The resource-checking script appears low risk, but treat the cleanup script carefully. Run only the dry-run first, avoid aggressive cleanup unless needed, and prefer waiting for a fixed version that targets $HOME, excludes the parent sessions directory, and confirms deletions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running cleanup could erase active or recent OpenClaw session state, interrupting work or losing context beyond the intended stale-session cleanup.
The command does not exclude the parent sessions directory with something like -mindepth 1. If the parent directory matches the age filter, the cleanup can remove the entire sessions tree, not just stale child sessions.
find /home/nvi/.openclaw/sessions -maxdepth 1 -type d -mmin +60 -exec rm -rf {} +Do not run the cleanup script on important sessions until it is changed to use the current user's path, exclude the parent directory, show the exact deletion list, and require confirmation before deleting.
Using aggressive cleanup may require packages or browser components to be re-downloaded later and may remove older local logs.
Aggressive mode runs broad local cleanup commands that clear package caches and journal logs. This is disclosed and purpose-aligned, but it changes local system/developer state.
npm cache clean --force ... pip3 cache purge ... journalctl --vacuum-time=3d
Use --dry-run first, avoid --aggressive unless you explicitly want cache/log cleanup, and review the paths and commands before executing them.