Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Inference Optimizer

v0.3.4

Audit OpenClaw runtime health first, then optimize inference speed and token usage with approval. Use /audit for analyze-only and /optimize for analyze + act...

by Vitaly Matveev (@vitalyis)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to audit and then optimize the OpenClaw runtime, and the required binaries (bash, python3) and shipped scripts align with that purpose. Minor metadata mismatch: registry 'required config paths' is empty while SKILL.md and the scripts read and write ~/.openclaw and workspace paths (the SKILL.md frontmatter does list stateDirs), but this is reasonably coherent for an audit/optimization tool.
! Instruction Scope
Runtime instructions and shipped scripts do more than read state: they back up and archive user data, inspect system services (systemctl, journalctl), rewrite workspace files (AGENTS.md, TOOLS.md) and can modify exec-approvals.json to insert allowlist entries. While the scripts include preview-first and explicit --apply semantics and recommend per-step approvals, the ability to programmatically add approval patterns and edit workspace files expands the skill's scope beyond passive auditing.
Install Mechanism
No remote download/install spec in the registry package; the repo is instruction-only and contains local scripts. There is no opaque network fetch/extract during install. Manual install via git clone is documented.
Credentials
The skill requests no external credentials and only references local OpenClaw files and paths (workspace, sessions, approvals). The permissions it needs are proportional to auditing and local file edits; there are no unexplained API keys or unrelated credentials.
! Persistence & Privilege
always:false (good) but setup.sh --apply will modify workspace files and update exec-approvals.json for agents (main + whatsapp). Modifying an approvals file programmatically can broaden the skill's runtime privileges on the host; verify these changes before allowing them. The skill does not auto-enable itself as always:true, but it does manage global agent allowlist state when applied.
Scan Findings in Context
[system-prompt-override] unexpected: The pre-scan flagged 'system-prompt-override' patterns in SKILL.md. The current SKILL.md explicitly includes a disclaimer that platform/system prompts take precedence, suggesting the repo previously contained wording interpreted as an attempt to override system prompts. Surface this to reviewers; the presence of the pattern warrants caution but the current content claims not to override system prompts.
What to consider before installing
What to check before installing or running this skill:
- Review the scripts locally (scripts/setup.sh, openclaw-audit.sh, purge-stale-sessions.sh, preflight.sh, verify.sh). They are readable shell/python; read them yourself before running --apply.
- Run previews only (setup.sh without --apply; preflight without --apply-setup) first. Inspect the produced logs in the backup/run directory.
- Inspect your exec-approvals.json before and after any apply step. setup.sh --apply will add approval patterns (and verify.sh fails if they are missing). Ensure you are comfortable with those exact path patterns being allowed to execute.
- Back up ~/.openclaw and your workspace manually before running apply or purge; preflight creates backups, but verify them first.
- For purge actions: prefer archive-first (default). Avoid --delete unless you have verified archive contents.
- If you want minimal risk, run the audit only (/audit) and refuse any automatic allowlist changes; perform any approval additions manually after inspection.
- Consider testing on a non-production instance first so you can observe the scripts' effects (wiring edits, approval file changes, service checks) without affecting live users.

Why suspicious: the skill's behavior is coherent with its stated goal, but the automated modification of approval lists and workspace files increases its privilege footprint and is surprising — review and explicit manual approvals reduce risk.

Like a lobster shell, security has layers — review code before you run it.

Plugin bundle (nix)
Skill pack · CLI binary · Config
Config requirements
State dirs: ~/.openclaw, ~/clawd/skills/inference-optimizer, ~/openclaw-purge-archive
CLI help (from plugin)
Install (ClawHub): clawhub install inference-optimizer
Manual: git clone https://github.com/vitalyis/inference-optimizer.git ~/clawd/skills/inference-optimizer
Preview: bash ~/clawd/skills/inference-optimizer/scripts/setup.sh
Apply: bash ~/clawd/skills/inference-optimizer/scripts/setup.sh --apply
Verify: bash ~/clawd/skills/inference-optimizer/scripts/verify.sh


Runtime requirements

Clawdis
OS: Linux
Bins: bash, python3

Config example

Starter config for this plugin bundle.

Required skill-specific env vars: none (no API keys). Reads local OpenClaw state under ~/.openclaw;
skill files live under ~/clawd/skills/inference-optimizer when installed as documented. Preflight may archive ~/.openclaw and workspace trees—treat backups as potentially sensitive.
