ClawHub

Low-Spec Optimizer

PassAudited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill Name: low-spec-optimizer Version: 1.0.0 The 'low-spec-optimizer' skill is designed to monitor system resources and perform routine maintenance to improve performance on resource-constrained machines. The included scripts, 'check_resources.sh' and 'cleanup_sessions.sh', use standard Linux utilities to report on RAM/CPU usage and safely clear temporary caches (e.g., Playwright, npm, pip) and stale session data. The instructions in 'SKILL.md' and 'config-guide.md' provide legitimate operational guidance for managing OpenClaw in low-RAM environments without any evidence of malicious intent, data exfiltration, or unauthorized persistence.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
ASI08: Cascading Failures
What this means

Running cleanup could erase active or recent OpenClaw session state, interrupting work or losing context beyond the intended stale-session cleanup.

Why it was flagged

The command does not exclude the parent sessions directory with something like -mindepth 1. If the parent directory matches the age filter, the cleanup can remove the entire sessions tree, not just stale child sessions.

Skill content
find /home/nvi/.openclaw/sessions -maxdepth 1 -type d -mmin +60 -exec rm -rf {} +
Recommendation

Do not run the cleanup script on important sessions until it is changed to use the current user's path, exclude the parent directory, show the exact deletion list, and require confirmation before deleting.

Note
ASI02: Tool Misuse and Exploitation
What this means

Using aggressive cleanup may require packages or browser components to be re-downloaded later and may remove older local logs.

Why it was flagged

Aggressive mode runs broad local cleanup commands that clear package caches and journal logs. This is disclosed and purpose-aligned, but it changes local system/developer state.

Skill content
npm cache clean --force ... pip3 cache purge ... journalctl --vacuum-time=3d
Recommendation

Use --dry-run first, avoid --aggressive unless you explicitly want cache/log cleanup, and review the paths and commands before executing them.