Skylv Openclaw Config Optimizer
v1.0.2OpenClaw Configuration Optimizer. Analyze and optimize OpenClaw config files for better performance and security. Triggers: optimize config, OpenClaw setting...
⭐ 0· 55·1 current·1 all-time
by@sky-lv
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description align with the instructions: it inspects and suggests changes to OpenClaw config files. However, the SKILL.md references running a local script (node optimize-config.js) and OpenClaw CLI commands even though no code or install spec is provided. There is also a minor inconsistency in paths/branding (files under ~/.qclaw vs skill named OpenClaw) and a SKILL.md version (1.0.1) that differs from registry version (1.0.2). These are likely sloppy packaging but reduce confidence that all referenced artifacts exist.
Instruction Scope
Instructions appropriately target config files and contain expected actions (back up config, validate, restart service). They direct reading and modifying local config files and invoking local OpenClaw commands, which is within scope for a config optimizer. They do not instruct exfiltration to external endpoints. Still, the instructions assume the presence of a local 'optimize-config.js' and 'openclaw' CLI—commands that can alter system state—so the user should verify those artifacts and permissions before running.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Because there is no installer or downloads, nothing will be written by the skill package itself. However, the SKILL.md references running a local node script which is not provided.
Credentials
The skill requests no environment variables or external credentials. It sensibly recommends storing API keys in environment variables and checking API key validity in configs, but it does not request secrets itself. This is proportionate to a configuration-audit tool.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request persistent presence or elevated platform privileges. It also doesn't modify other skills' settings according to the provided files.
What to consider before installing
This skill mostly does what it says (inspect and recommend changes to OpenClaw configs) but has a few red flags to check before using: 1) The SKILL.md calls node optimize-config.js and the 'openclaw' CLI, but the package contains no code—confirm the optimize script exists and is from a trusted source before running it. 2) Verify path/name inconsistencies (the doc uses ~/.qclaw) and the version mismatch (SKILL.md 1.0.1 vs registry 1.0.2); these suggest sloppy packaging. 3) Running the suggested commands will read and modify local config files and may restart services—back up configs and review changes manually first. 4) Because the skill can guide actions that change system state, only run it with a trusted agent and on systems where you can recover (or in a test environment) if something goes wrong. If possible, ask the publisher for the missing optimize script and for clarification about config locations before installing or executing automatic steps.Like a lobster shell, security has layers — review code before you run it.
latest
OpenClaw Config Optimizer — OpenClaw 配置优化助手
功能说明
帮助用户分析和优化 OpenClaw 配置文件,提升性能、安全性和稳定性。提供配置审查、优化建议、一键优化等功能。
使用场景
- 配置审查 - 检查当前配置的问题和风险
- 性能优化 - 优化配置提升运行速度
- 安全加固 - 修复安全漏洞和配置风险
- 最佳实践 - 应用官方推荐配置
- 故障排查 - 诊断配置相关的问题
使用方法
1. 配置审查
用户:帮我检查一下 OpenClaw 配置有没有问题
输出:
- 配置文件位置和内容分析
- 发现的问题列表(严重/警告/建议)
- 修复建议
2. 性能优化
用户:OpenClaw 运行有点慢,怎么优化?
输出:
- 当前性能瓶颈分析
- 优化建议(模型选择、并发设置、缓存配置)
- 一键优化脚本
3. 安全加固
用户:如何加固 OpenClaw 的安全性?
输出:
- 安全检查清单
- 风险配置项
- 加固步骤
4. 最佳实践配置
用户:OpenClaw 的最佳实践配置是什么?
输出:
- 推荐的配置文件模板
- 关键配置项说明
- 应用场景适配建议
配置优化项
性能优化
| 配置项 | 优化建议 | 影响 |
|---|---|---|
| model | 使用本地模型或缓存 | 减少 API 调用延迟 |
| concurrency | 根据 CPU 核心数调整 | 提升并行处理能力 |
| cache.enabled | 启用缓存 | 减少重复计算 |
| cache.ttl | 设置合理的缓存过期时间 | 平衡内存和命中率 |
安全加固
| 配置项 | 安全设置 | 说明 |
|---|---|---|
| apiKeys | 使用环境变量存储 | 避免硬编码在配置文件中 |
| allowedTools | 限制可用工具范围 | 减少潜在风险 |
| sandbox | 启用沙箱模式 | 隔离危险操作 |
| logging | 关闭敏感信息日志 | 防止信息泄露 |
稳定性提升
| 配置项 | 建议值 | 说明 |
|---|---|---|
| retry.maxAttempts | 3-5 | 自动重试失败请求 |
| retry.backoffMs | 1000-3000 | 指数退避避免雪崩 |
| timeout.seconds | 60-120 | 避免长时间等待 |
| heartbeat.interval | 30-60 | 保持连接活跃 |
配置文件位置
Windows
C:\Users\{user}\.qclaw\openclaw.json
C:\Users\{user}\.qclaw\config\skills\
macOS/Linux
~/.qclaw/openclaw.json
~/.qclaw/config/skills/
优化检查清单
基础检查
- 配置文件语法正确(JSON 格式)
- 必需的字段完整
- API Keys 有效且未过期
- 路径配置正确
性能检查
- 启用了缓存
- 并发设置合理
- 模型选择适合场景
- 超时设置不过长
安全检查
- API Keys 未硬编码
- 敏感工具已限制
- 沙箱模式已启用
- 日志不包含敏感信息
稳定性检查
- 重试机制已配置
- 超时设置合理
- 心跳间隔适当
- 错误处理完善
一键优化脚本
# 备份当前配置
cp openclaw.json openclaw.json.bak
# 应用优化配置
node optimize-config.js
# 验证配置
openclaw config.validate
# 重启 OpenClaw
openclaw gateway restart
常见问题
Q: 配置优化后 OpenClaw 不工作了?
A: 恢复备份的配置文件 cp openclaw.json.bak openclaw.json,然后逐步应用优化项。
Q: 如何知道哪些配置项最重要?
A: 优先优化:API Keys、模型选择、缓存设置、安全限制。
Q: 配置优化能提升多少性能?
A: 通常可提升 30-50% 的响应速度,具体取决于当前配置和使用场景。
相关文件
- OpenClaw 配置文档:https://docs.openclaw.ai/config
- 安全最佳实践:https://docs.openclaw.ai/security
- 性能调优指南:https://docs.openclaw.ai/performance
触发词
- 自动:检测配置、优化、性能、安全相关关键词
- 手动:/config-optimize, /openclaw-config, /optimize
- 短语:优化配置、配置审查、性能调优、安全加固
Usage
- Install the skill
- Configure as needed
- Run with OpenClaw
Comments
Loading comments...