Cost Optimizer
Warn
Audited by ClawScan on May 18, 2026.
Overview
Cost Optimizer mostly matches its cost-saving purpose, but several scripts execute local config contents as JavaScript, so it should be reviewed before use.
Review the scripts before running them, especially any that parse openclaw.json with new Function. If you install it, make a backup, use dry-run or patch review for presets, use least-privilege API keys, and enable cron or webhook reporting only after checking exactly what will run and where reports will be sent.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the config file is malicious or compromised, running these optimizer scripts would execute arbitrary JavaScript on the user's machine with the user's permissions.
The script reads a local OpenClaw config file and evaluates its contents as JavaScript with new Function, after interpolating the file path into a node -e string. Anything in the file that parses as a JavaScript expression runs before any cost-optimization logic does, so a config containing a function call or a comma expression is executed rather than rejected. Static scan evidence shows the same pattern across many scripts.
const raw = fs.readFileSync('$CONFIG', 'utf8');
const config = new Function('return (' + raw + ')')();
Replace new Function parsing with a safe JSON/JSON5 parser, pass file paths as process arguments instead of interpolating them into node -e strings, and inspect configs before running the scripts.
Approved changes can affect model quality, cost, reliability, heartbeat behavior, and concurrency for the user's OpenClaw agent.
The skill is designed to modify agent configuration, including models and routing. The instructions do require user permission, making this purpose-aligned but still high-impact.
Ask permission at each step before making changes... If yes: add the free models to config... If they choose: update model.primary
Use dry-run or patch review first, keep backups, and approve only the specific model/routing changes you understand.
Users have less registry-level assurance about where the scripts came from or which dependencies are required.
The registry metadata does not pin provenance or an installation mechanism, while the package includes many executable scripts that users may chmod and run.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install only from a trusted source, inspect scripts before execution, and prefer a verified repository or checksum when available.
Provider keys and webhook URLs can grant access to external services if exposed or misused.
The skill may use an optional provider API key and webhook URL. This is expected for its model-routing and reporting features, and the artifacts do not show hardcoded or unrelated credential use.
OpenRouter API key — Required for free models ($0.00/request)... Webhook URL — For automated cost reports
Use least-privilege keys where possible, avoid pasting secrets into unrelated chats or logs, and rotate keys if they may have been exposed.
Cost and usage summaries may be visible to whoever can access the configured webhook destination.
The skill includes external webhook reporting. That is disclosed and purpose-aligned, but it creates an outbound data flow to third-party chat or webhook services.
`webhook-report.sh`: Send daily reports to Discord/Slack/any webhook
Use private webhook channels, review report contents before automating them, and avoid sending prompts, logs, or secrets in reports.
Monitoring or reporting may continue on a schedule after initial setup.
Cron templates can create recurring background monitoring or reporting jobs if the user installs them. This persistence is documented and appears user-directed.
`cron-setup.sh`: Pre-built cron templates for automated monitoring
Review any cron entries before enabling them and remove scheduled jobs when you no longer want automated monitoring.
