ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-optimize

v2.0.0

Optimize OpenClaw performance and prevent lag. Use when: (1) OpenClaw feels slow or laggy, (2) High memory usage, (3) Slow response times, (4) Gateway crashe...

0· 71·1 current·1 all-time
byAche@zhmza
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the actual capabilities: memory optimization, skill-load analysis, history cleanup, monitoring and config tweaks. The code operates on ~/.openclaw workspace and enumerates skills, which is proportionate to optimizing OpenClaw.
!
Instruction Scope
Runtime instructions and bundled scripts perform file deletions (clean_old removes files from the memory directory and archive operations), manipulate a local vector DB, call into /proc/sys/vm/drop_caches (system-wide cache clearing), call sync, and the Pro code clears sys.modules. These actions can delete user data, require elevated privileges, and can destabilize running Python environments. The SKILL.md and shell scripts also run pip installs and suggest git/wget installs — expected, but destructive actions are present.
Install Mechanism
This is instruction-only with bundled code files; no opaque remote installers are executed by the skill itself. README suggests downloads from GitHub releases (a common host). No evidence of URL shorteners or untrusted hosts in the provided install instructions.
Credentials
The skill requests no environment variables or external credentials. It does, however, access and modify local OpenClaw data paths (~/.openclaw/workspace) and system cache interfaces — capabilities that are relevant to optimization but are powerful and should be granted deliberately.
Persistence & Privilege
The skill is not always: true and does not request elevated platform privileges directly, but its operations (writing to /proc/sys/vm/drop_caches, deleting files in workspace, clearing Python modules) require elevated permissions or can have system-wide effects. It modifies local OpenClaw workspace files (within scope) but also performs system-level cache clearing which is out-of-skill-scope for unprivileged installs.
What to consider before installing
This package appears to do what it claims (optimize OpenClaw) but includes actions that can delete your OpenClaw history and affect system caches and running Python state. Before installing or running: 1) Back up ~/.openclaw/workspace and your vector DB; 2) Inspect the bundled scripts (openclaw_optimize_pro.py, openclaw_optimize.py, openclaw-optimize.sh) yourself—note the code deletes files and writes to /proc; 3) Avoid running as root — if you must run privileged actions (drop_caches), do so deliberately and on a test system; 4) Prefer running first in an isolated/staging environment or container; 5) If you only want diagnostics, run read-only functions (get_status, analyze_load_time) rather than commands that call clean_old, aggressive_gc (which clears sys.modules), or clear_cache; 6) If you trust the author, still consider adding a dry-run option or modifying the scripts to prompt before destructive actions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e5fhn8vdxzm5dp1dtw5sg9983t4e5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments