v0.3.4

Inference Optimizer

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:20 AM.

Analysis

The skill is coherent and not clearly malicious, but it can persistently grant script-execution authority and copy, modify, archive, or delete OpenClaw state, so it should be reviewed carefully before applying setup or cleanup.

GuidanceUse /audit if you only want read-oriented diagnostics. Before running /preflight, setup.sh --apply, /optimize actions, or purge sessions, inspect the scripts, secure any backup archives, confirm the paths match your own OpenClaw install, and avoid --delete unless you are sure the data is no longer needed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusNote

scripts/purge-stale-sessions.sh

[[ "${1:-}" = "--delete" ]] && DO_DELETE=true ... find "$SESSIONS" -type f -name "*.jsonl" -mtime +1 -delete ... rm -f "$f"

The purge script archives by default, but the documented --delete mode permanently deletes stale session files and small memory files.

User impactUsing the delete mode can remove session and memory data immediately instead of preserving an archive for recovery.

RecommendationUse the default archive mode first, verify what was moved, and only use --delete when you intentionally want permanent removal.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

scripts/setup.sh

APPROVALS_FILE="${APPROVALS_FILE:-$HOME/.openclaw/exec-approvals.json}" ... agents = ["main", "whatsapp"] ... allowlist.append({"pattern": pattern, "id": str(uuid.uuid4())})

setup.sh --apply persistently adds path-specific execution approvals for this skill's scripts to both the main and whatsapp agents, changing the local permission boundary.

User impactAfter setup is applied, agents may be able to run these skill scripts without the same approval friction; if the skill path or scripts are later changed, that approval can become a powerful local execution permission.

RecommendationReview every script before running setup.sh --apply, keep approvals path-specific, remove approvals you do not need, and back up exec-approvals.json before allowing the skill to edit it.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

scripts/preflight.sh

OPENCLAW_DIR="${OPENCLAW_DIR:-$HOME/.openclaw}" ... backup_dir "$OPENCLAW_DIR" "openclaw-home" ... backup_dir "$WORKSPACE_MAIN" "workspace-clawd" ... backup_dir "$WORKSPACE_WHATSAPP" "workspace-whatsapp"

The preflight command creates local tar backups of the entire OpenClaw home and workspace trees, which may include memory, sessions, config, approvals, and other sensitive runtime state.

User impactSensitive OpenClaw data may be duplicated into backup archives, increasing the places where private memory, configuration, or tokens could remain on disk.

RecommendationTreat preflight backup archives as sensitive, store or delete them deliberately, and avoid running /preflight on environments where broad local state should not be copied.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

optimization-agent.md

Rewrite workspace files ... SOUL.md ≤ 500 chars, AGENTS.md ≤ 1000 chars, TOOLS.md trim unused entries, MEMORY.md keep durable facts only, daily memory files: archive anything older than 3 days

The optimization flow can rewrite persistent workspace and memory files that shape future agent behavior and remembered context.

User impactPoorly reviewed rewrites could remove useful memory or change how the agent behaves in later conversations.

RecommendationReview proposed workspace and memory rewrites line by line, keep backups, and apply only changes that preserve intended agent behavior.