Sophie Optimizer

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is broadly aligned with its stated purpose, but it can rewrite persistent OpenClaw memory, delete main session files, and restart the gateway without strong safeguards.

Only install or run this if you are comfortable with it modifying OpenClaw memory, storing session summaries, deleting the main session JSON/JSONL files, and restarting the OpenClaw gateway. Before using --reset or scheduling it with cron/heartbeat, add backups, explicit confirmation, and the missing token-threshold check.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the reset path could erase the active session history and interrupt OpenClaw service operation.

Why it was flagged

The reset script deletes main-session JSON/JSONL files and restarts the OpenClaw gateway. This is aligned with the stated reset purpose, but it is a destructive/high-impact operation with no confirmation, dry run, backup, or recovery guard in the artifact.

Skill content

rm -f "$SESSION_DIR"/*.jsonl
rm -f "$SESSION_DIR"/*.json
systemctl --user restart $SERVICE_NAME

Recommendation

Require explicit user approval before reset, create a backup before deleting session files, add a dry-run mode, and clearly show exactly which files and service will be affected.

What this means

Incorrect, malicious, or overly sensitive summaries could persist into future OpenClaw sessions and influence later agent behavior.

Why it was flagged

The script rewrites the user's persistent MEMORY.md using supplied summaries and archive data. Persistent memory mutation is central to the purpose, but the artifacts do not show validation, provenance labels, retention limits beyond the archive display logic, or user review before memory is changed.

Skill content

MEMORY_FILE = os.path.expanduser("~/openclaw/MEMORY.md")
...
final_content = pre_archive + ARCHIVE_HEADER + new_section + post_archive
...
f.write(final_content)

Recommendation

Make memory updates user-reviewable, label generated summaries with provenance and timestamp, avoid storing secrets, and provide retention and rollback controls.

What this means

A user may believe the optimizer will avoid acting below 80k tokens, but the provided code can still archive/update memory, and can reset if invoked with --reset.

Why it was flagged

The documentation claims a token-threshold safety gate, but the provided optimizer.py archives and updates memory after parsing arguments and has no corresponding check before proceeding; reset is only gated by the --reset flag. This mismatch can make users overtrust the automation's safety boundary.

Skill content

1. **Check**: If tokens < 80k, exit.

Recommendation

Either implement the documented token threshold before any archive, memory write, or reset action, or update the documentation to describe the actual behavior accurately.

What this means

Once triggered, the reset may proceed in the background and be harder for the user to stop in time.

Why it was flagged

When --reset is used, the reset script is launched detached from the parent process. This is scoped to the reset operation and not hidden, but it means the destructive reset can continue even if the invoking process exits.

Skill content

subprocess.Popen(["/bin/bash", RESET_SCRIPT], start_new_session=True)

Recommendation

Run reset in the foreground by default, log the process ID if detaching is necessary, and require confirmation immediately before launching the detached reset.