Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Optimize

v1.0.0

Audit and optimize OpenClaw token usage, cron job efficiency, and agent performance. Use when user says "optimize openclaw", "reduce token usage", "cron audi...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the runtime instructions: the skill audits crons, token usage, and traces via the OpenClaw CLI and local config files. However, the metadata declared no required config paths while SKILL.md explicitly reads ~/.openclaw/* (configs and session traces). The ability requested is coherent for the stated purpose but the metadata omission reduces transparency.
! Instruction Scope
Instructions tell the agent to read OpenClaw configs, enabled plugin manifests, list cron jobs, fetch run histories, and cat session trace files (~/.openclaw/agents/.../*.jsonl). These traces include full message content (system/user/tool prompts), which can contain sensitive data. The steps are relevant to auditing but grant access to potentially private secrets and full chat content; the skill does not limit or redact that data in its instructions.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by an installer. Risk from installation is low.
! Credentials
The skill requests access to local OpenClaw configuration and session trace files but the registry metadata lists no required config paths or credentials. While local file access is appropriate for this audit, the missing declaration is an inconsistency that reduces transparency about what will be accessed. There are no environment variables requested, which is proportionate.
Persistence & Privilege
The skill is not marked always:true and has no install behavior. It does not request persistent platform privileges. The agent can invoke it (normal platform default), and the SKILL.md states changes are applied only after explicit user approval.
What to consider before installing
This skill appears to do what it says (audit crons and token usage), but be aware it reads local OpenClaw configs and session trace files that can contain full prompts and potentially sensitive data. Before installing or running:
1) Confirm you trust the skill and the agent's environment because it will read ~/.openclaw and session files.
2) Consider running the audit on a copy of your data or a test account, or ask the skill to only operate on exported/redacted data.
3) Inspect your session traces for secrets; remove or rotate any secrets embedded in prompts.
4) Note the skill's metadata did not declare required config paths — require the author to declare those paths or explain why they were omitted.
5) Require explicit approval before any change is applied (the SKILL.md promises this), and ask for a dry-run report first.
If you want, I can produce a short checklist you can run manually (safe, read-only commands) that returns the same high-level info without giving the agent direct access to session files.


latestvk97c8v7n0wsm3qpzzz906z95rs83m2r2
