ClawHub

ClawDoctor

ReviewAudited by ClawScan on May 10, 2026.

Overview

ClawDoctor’s cost-analysis purpose is coherent, but it reads recent session transcripts and documents fleet-wide configuration changes that need careful review before use.

Install only if you are comfortable letting the skill inspect recent OpenClaw session history. Treat any proposed fix as a configuration change: ask it to show the exact affected agents and patch payload, approve only specific changes, and keep a rollback plan.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium
#ASI02: Tool Misuse and Exploitation
What this means

If a fix is applied too broadly or incorrectly, the behavior, cost, or reliability of multiple OpenClaw agents could change at once.

Why it was flagged

The skill documents direct configuration mutation through a raw gateway call, including fleet-impacting patches such as default tool budgets, session timeouts, model changes, prompt caching, and system-prompt appends.

Skill content
All fixes are applied via exec tool:
```bash
openclaw gateway call config.patch --params '{"patch": <payload>}' --json --timeout 10000
```
Recommendation

Before allowing fixes, require the skill to show the exact payload, affected agents, expected impact, and rollback steps, and only approve narrowly scoped changes.

Low
#ASI06: Memory and Context Poisoning
What this means

The skill may read and summarize private conversation history from your most expensive recent sessions.

Why it was flagged

The skill intentionally retrieves recent chat transcripts to analyze expensive sessions; this is purpose-aligned, but those transcripts may contain sensitive user or business content.

Skill content
For EACH of the top 5 sessions, run:
```bash
openclaw gateway call chat.history --params '{"sessionKey":"EXACT_KEY_HERE","limit":200}'
```
Recommendation

Use it only on fleets where transcript review is acceptable, and avoid running it over sessions that may contain secrets, regulated data, or highly sensitive conversations.

Low
#ASI06: Memory and Context Poisoning
What this means

Cost findings, affected agent IDs, keywords, and proposed fixes can remain available to later runs of the skill.

Why it was flagged

The skill stores persistent report and pending-fix state under memory files, which supports daily operation but retains derived information about fleet costs and recommended changes.

Skill content
Write after every report:
```json
{
  "generatedAt": "<ISO>",
  "fleetGrade": "<grade>",
  "fixes": [ ... ]
}
```
Recommendation

Review and clear the skill’s memory files if you do not want cost-analysis summaries or pending fixes retained.