Back to skill
Skillv1.0.0
ClawScan security
OpenClaw: memory optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 4, 2026, 2:31 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements are consistent with its stated purpose: it reads and updates the local OpenClaw memory-search configuration and uses the OpenClaw CLI to apply and verify changes.
- Guidance
- This skill appears coherent and limited to tuning your local OpenClaw memory-search config. Before using it: (1) ensure you have the openclaw CLI and python3 installed (the SKILL.md assumes them); (2) back up ~/.openclaw/openclaw.json before making changes; (3) review any proposed config edits/commands before running them (they will edit your config and may restart the OpenClaw gateway); and (4) note the skill does not request network credentials or send data externally. If you need the skill to declare prerequisites, ask the author to list required binaries and a safety checklist.
Review Dimensions
- Purpose & Capability
- noteThe name/description match the actions in SKILL.md: inspecting and tuning OpenClaw 4.2 memory-search settings. One minor mismatch: the SKILL.md assumes the presence of the 'openclaw' CLI and python3 for a one-liner, but the registry metadata does not declare required binaries. This is a usability omission, not a security mismatch.
- Instruction Scope
- okInstructions are narrowly scoped to reading and editing ~/.openclaw/openclaw.json, setting config via the openclaw CLI, toggling environment feature flags for the gateway, and running OpenClaw diagnostics. There are no steps that read unrelated system files, transmit data to external endpoints, or request broad system context.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. This minimizes disk write/execution risk. SKILL.md relies on existing tooling (openclaw CLI, python3) rather than installing new packages.
- Credentials
- okThe skill does not request environment variables, credentials, or config paths beyond the local OpenClaw config (~/.openclaw/openclaw.json). It suggests temporarily setting feature-flag env vars (OPENCLAW_MEMORY_MMR, OPENCLAW_MEMORY_TEMPORAL_DECAY) for runtime toggles, which is proportional to the task.
- Persistence & Privilege
- okalways is false and the skill is user-invocable. It does not request persistent elevation, nor does it modify other skills or system-wide agent settings beyond advising edits to the OpenClaw config and restarting the gateway (expected for applying changes).