ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Self Optimizer

v0.1.0

Analyzes OpenClaw logs, chat history, and the .openclaw installation to propose self-improvement and optimization suggestions. Use when optimizing or auditin...

0· 347·3 current·3 all-time
by@austindixson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (analyze logs, chat history, and .openclaw installation) matches the included Python script which reads gateway.log and openclaw.log and performs chat-history analysis. No unrelated services, binaries, or credentials are requested.
Instruction Scope
The SKILL.md and script explicitly instruct/implement reading local logs and (planned) scanning of openclaw.json and other installation files. This is coherent with the purpose, but these files can contain sensitive information (API keys, tokens, etc.). The script as shown parses timestamps and searches for patterns and emits suggestions; it does not, in the visible portion, transmit data externally or modify other skills.
Install Mechanism
There is no install specification (instruction-only skill with an included script). Nothing is downloaded or written to disk by an installer, which reduces installation risk.
Credentials
The skill requires no environment variables or external credentials, which is proportionate. However, because it reads local config files (planned openclaw.json, MEMORY.md, skill configs), it may access sensitive secrets stored there — this is expected for its purpose but worth caution.
Persistence & Privilege
The skill is not always-enabled and uses normal agent invocation rules. It does not request persistent system privileges or modify other skills according to the provided files.
Assessment
This skill appears to do what it says (parse logs and analyze chat history). Before installing or running it, review the full script (the provided file was truncated in the listing) to confirm there are no network exfiltration calls or subprocess launches in later code. Only run it from a trusted location and in a controlled environment because it will read local files such as gateway.log, openclaw.log, and potentially openclaw.json — these can contain API keys and other secrets. If you plan to run it, either (1) run it on a copy of the logs/configs with secrets redacted, (2) inspect the entire source code for any outbound network I/O or unexpected writes, or (3) run it in a sandboxed environment. If you need higher assurance, ask the author for a full source audit or for the missing/truncated portion of the script before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk971nnq1nd1e28gqt7akev59es8236cq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments