v1.4.0

LX Agent Optimizer

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:12 AM.

Analysis

The skill is coherent and not overtly malicious, but it gives the agent broad ongoing access to private context and persistent self-modification, so it needs careful review before installation.

Guidance: Install only if you are comfortable with an agent reading local OpenClaw session history, workspace files, and possibly calendar data, and with it writing long-term memory or behavior rules. Before use, remove the hardcoded Paolo-specific helper path, require confirmation for memory/file/calendar changes, and make any weekly cron job clearly opt-in and easy to disable.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
references/proactive-patterns.md
Safe to do freely:
- Read files, search web, check calendars
- Update memory, logs, TOOLS.md
- Run scheduled checks
- Organize workspace

This explicitly authorizes broad file, calendar, memory, scheduling, and workspace actions without asking the user, but does not define safe paths, sensitive-data exclusions, or approval boundaries.

User impact: The agent could inspect private local context or change workspace and agent-behavior files before the user has approved the specific action.
Recommendation: Limit free actions to explicit paths and low-risk checks; require confirmation for calendar access, memory/tool-file edits, workspace organization, and any scheduled automation.

Agentic Supply Chain Vulnerabilities
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
Run `python3 /Users/paolo/.openclaw/workspace/skills/calendar-morning/scripts/today_events.py`

The skill instructs the agent to run a helper script outside the provided artifact set; that script is not included for review and is tied to a specific author's local path.

User impact: An agent following this guidance could execute unreviewed local code if a matching path exists or if a user copies the pattern to another helper.
Recommendation: Do not reference unbundled executable helpers; include auditable code in the skill package or make the external dependency optional, user-configured, and explicitly approved.

Rogue Agents
Severity: Low, Confidence: High, Status: Note
SKILL.md
"name": "Weekly Self-Improvement", "schedule": { "kind": "cron", "expr": "0 9 * * 1" }, "sessionTarget": "main", "text": "⏰ Weekly improvement: read improvement_log.md, review last week's problems, add 2-3 new lessons, send brief report to user."

The scheduled main-session cron is disclosed and user-directed, but it creates ongoing autonomous activity that reads and writes self-improvement state.

User impact: The agent may continue performing weekly analysis and memory updates after installation unless the user remembers to disable or constrain the cron.
Recommendation: Make the cron opt-in, document how to disable it, and require approval before any persistent memory or behavior-file changes made by the scheduled job.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
Apple Calendar today events | Run `python3 /Users/paolo/.openclaw/workspace/skills/calendar-morning/scripts/today_events.py` on Paolo's Mac mini; under the hood it uses `/usr/bin/osascript` + Calendar.app

This directs use of local Calendar.app account access through a hardcoded personal machine path, but the skill metadata does not declare calendar credentials, required config, or account-access boundaries.

User impact: If followed in an environment where such access exists, the agent may read private calendar data under the local user's account.
Recommendation: Declare calendar access explicitly, remove author-specific paths, require user approval before reading calendar data, and document exactly which calendar data is accessed and reported.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High, Confidence: High, Status: Concern
references/behavior-learning.md
Every Monday 9:00 AM:
1. Read improvement_log.md for history
2. Review last 7 days of conversations
3. Identify 2-3 concrete problems
4. Write specific, actionable lessons
...
Lesson mentioned 3x in log → move to TOOLS.md or SOUL.md
... record in MEMORY.md

The skill tells the agent to mine recent conversation history and persist derived lessons into long-term behavior files, with no strong validation, review, retention, or rollback controls.

User impact: Private conversation content or mistaken lessons could be converted into persistent instructions that influence future sessions.
Recommendation: Require explicit user review before writing long-term memory, TOOLS.md, or SOUL.md; store only minimal summaries; add retention limits and an easy way to inspect and revert changes.