Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anthropic Cost Optimizer

v1.0.0

Audits and rewrites your OpenClaw config to minimize API token costs. Use this skill whenever the user mentions high bills, API costs, billing changes, "too...

by Next Frontier AI (@nextfrontierbuilds)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the behavior: the skill inspects OpenClaw YAML/JSON, applies cost-focused edits (caching, model routing, thinking scope, context1m, fastMode) and estimates savings using a local pricing reference. It does not request unrelated secrets or binaries.
Instruction Scope
Instructions explicitly direct the agent to locate and read OpenClaw config files from the current directory and several home paths, analyze them using the bundled pricing reference, present a diff and cost estimate, then (with user confirmation) write the optimized config back to the same file. This is within the stated purpose but involves reading and modifying user files — the skill does ask for confirmation before writing, which mitigates risk, but users should review diffs and back up configs before applying changes.
Install Mechanism
No install spec and no code files — instruction-only skill. Lowest risk from installation because nothing is downloaded or installed on disk beyond the agent's normal execution environment.
Credentials
No environment variables, credentials, or external config paths are requested. The skill mentions that caching is API-key only, but it does not request API keys itself — this is consistent (it can only recommend config changes; applying caching may require the user to use API keys).
Persistence & Privilege
Skill is user-invocable and not forced-always; model invocation is allowed (normal default). Because it can write to local config files (with confirmation), consider that an agent with file-system access could apply changes. There's no evidence the skill modifies other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims, but you should: (1) back up your OpenClaw config before running it, (2) review the reported issues, estimated savings, and the exact diff it proposes before approving any write, (3) be aware caching suggestions may require API-key usage (subscriptions/setup-tokens may not honor caching), and (4) only allow the skill to run with a user who understands and can validate the changes. Because the skill will read and (with confirmation) write files in your home/project paths, treat it like any tool that edits configuration — inspect outputs and keep a copy of the original config.

Like a lobster shell, security has layers — review code before you run it.
