Skill v1.0.0

ClawScan security

Token Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 12, 2026, 5:32 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill largely matches its stated purpose (analyzing local OpenClaw sessions) but the package metadata omits required dependencies and the runtime can read sensitive session transcripts and (with --apply) restart the gateway — these mismatches and high-impact actions deserve review before installing.
Guidance
Before installing or running this skill:
- Verify you have the 'openclaw' CLI installed and accessible on PATH. The code calls 'openclaw' via subprocess though the registry metadata lists no required binary.
- Review the included code (scripts/token_optimize, src/*.py) yourself — the tool reads session transcript files (~/.openclaw/agents/main/sessions/*.jsonl) and will process potentially sensitive message contents and tool arguments.
- Run read-only actions first (e.g., --analyze, --health-check, --compress) to inspect output and confirm behavior. Avoid using --cleanup --apply until you've reviewed what 'apply' does (operating-notes indicate it currently issues a gateway restart) and tested in a staging environment.
- Confirm where compressed snapshots and config files will be written (~/.openclaw/workspace/token-usage/), and whether that storage is acceptable for your data sensitivity requirements.
- Because the skill source is 'unknown' and not from a verified publisher, prefer running it on a non-production system first and consider searching for the repository or contacting the author to verify provenance.
If you want, I can list the exact lines where the tool invokes the 'openclaw' CLI and where it reads/writes files so you can more easily audit the risky calls.

Review Dimensions

Purpose & Capability
concern: The skill's name/description (token optimization for OpenClaw) matches the code behavior: it reads OpenClaw session data, analyzes tokens, compresses contexts, and proposes/applies cleanup actions. However, the skill assumes an 'openclaw' CLI and specific ~/.openclaw paths, but the registry metadata lists no required binaries or credentials — that omission is an incoherence that could mislead users about runtime prerequisites.
Instruction Scope
note: SKILL.md instructs running the included CLI which: reads session transcript files (~/.openclaw/agents/main/sessions/*.jsonl), writes compressed snapshots and a local config under ~/.openclaw/workspace/token-usage/, and can build/apply a cleanup plan. Reading transcripts and tool results is expected for token analysis but contains potentially sensitive content; the '--apply' mode can perform a gateway restart (disruptive operational effect) per operating-notes.
Install Mechanism
ok: No remote downloads or unpacking are used. The repo includes scripts and a small install.sh that only chmods the CLI; package.json maps a bin. No installer downloads arbitrary code from external URLs. This is low install risk, but the lack of an install spec declaring 'openclaw' as a required binary is an operational gap.
Credentials
ok: The skill requests no environment variables or external credentials. It only accesses local OpenClaw configuration and session files under the user's home directory, which is proportionate to its purpose. Be aware those files can include sensitive messages and tool arguments.
Persistence & Privilege
note: always:false and no special persistence are set (good). The skill can be invoked autonomously by the agent (platform default). The notable privilege is that the tool can execute 'openclaw gateway restart' when the user requests '--cleanup --apply', which is a potentially disruptive system operation; it does not try to modify other skills or request permanent elevated credentials.