v1.0.0

Sophie Optimizer

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:14 AM.

Analysis

Review before installing: this skill can rewrite long-term memory, archive context summaries, delete the main session files, and restart OpenClaw, while its documented token-threshold safety check is not implemented in code.

Guidance: Install only if you intentionally want this skill to manage OpenClaw memory and reset the main session. Before using it, add or verify a real token threshold, require confirmation for --reset, back up session files, and review any summaries before they are written to MEMORY.md.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
reset.sh
rm -f "$SESSION_DIR"/*.jsonl
rm -f "$SESSION_DIR"/*.json
...
systemctl --user restart $SERVICE_NAME

The reset script deletes the main OpenClaw session JSON/JSONL files and restarts the gateway service. This is purpose-related but high-impact and destructive, especially because it can be launched by optimizer.py when --reset is supplied.

User impact: A run with reset enabled can erase current session history and interrupt OpenClaw by restarting its gateway service.
Recommendation: Require explicit user confirmation or a dry-run mode before reset, create backups before deletion, and enforce clear reset conditions in code.
Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
1. **Check**: If tokens < 80k, exit.

The documentation presents a token-threshold safety gate, but the complete optimizer.py implementation does not compare tokens to 80000 before archiving, updating memory, or launching reset.sh when --reset is set.

User impact: Users may believe the skill will only act at high token usage, while automation or manual invocation can perform the high-impact reset without that documented guard.
Recommendation: Implement the documented threshold check or update the documentation to accurately describe when archiving and resets occur.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Run the optimizer script manually or via cron/heartbeat:

The skill does not install cron itself, but the documentation explicitly supports recurring unattended operation. This is notable because the same workflow can update memory and trigger a hard reset.

User impact: If scheduled without safeguards, the optimizer could repeatedly mutate memory or reset sessions without a person reviewing each run.
Recommendation: Only enable cron or heartbeat execution after adding clear thresholds, logging, backups, and a way to disable automatic resets.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
optimizer.py
MEMORY_FILE = os.path.expanduser("~/openclaw/MEMORY.md")
...
new_section += f"- **Summary:** {summ}\n\n---\n\n"
...
f.write(final_content)

The script persists the supplied summary text into OpenClaw's MEMORY.md and also writes archive JSON files. The artifacts do not show origin labels, sanitization, review, or retention limits for memory content.

User impact: Sensitive or untrusted context summaries can become persistent memory and may influence future sessions if OpenClaw reuses MEMORY.md.
Recommendation: Review summaries before writing them to memory, label generated content with its source and time, sanitize instruction-like text, and add retention or deletion controls for archives.