by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This package appears to do what it claims (optimize OpenClaw) but includes actions that can delete your OpenClaw history and affect system caches and running Python state. Before installing or running: 1) Back up ~/.openclaw/workspace and your vector DB; 2) Inspect the bundled scripts (openclaw_optimize_pro.py, openclaw_optimize.py, openclaw-optimize.sh) yourself—note the code deletes files and writes to /proc; 3) Avoid running as root — if you must run privileged actions (drop_caches), do so de...详细分析 ▾
✓ 用途与能力
Name/description match the actual capabilities: memory optimization, skill-load analysis, history cleanup, monitoring and config tweaks. The code operates on ~/.openclaw workspace and enumerates skills, which is proportionate to optimizing OpenClaw.
⚠ 指令范围
Runtime instructions and bundled scripts perform file deletions (clean_old removes files from the memory directory and archive operations), manipulate a local vector DB, call into /proc/sys/vm/drop_caches (system-wide cache clearing), call sync, and the Pro code clears sys.modules. These actions can delete user data, require elevated privileges, and can destabilize running Python environments. The SKILL.md and shell scripts also run pip installs and suggest git/wget installs — expected, but destructive actions are present.
✓ 安装机制
This is instruction-only with bundled code files; no opaque remote installers are executed by the skill itself. README suggests downloads from GitHub releases (a common host). No evidence of URL shorteners or untrusted hosts in the provided install instructions.
✓ 凭证需求
The skill requests no environment variables or external credentials. It does, however, access and modify local OpenClaw data paths (~/.openclaw/workspace) and system cache interfaces — capabilities that are relevant to optimization but are powerful and should be granted deliberately.
ℹ 持久化与权限
The skill is not always: true and does not request elevated platform privileges directly, but its operations (writing to /proc/sys/vm/drop_caches, deleting files in workspace, clearing Python modules) require elevated permissions or can have system-wide effects. It modifies local OpenClaw workspace files (within scope) but also performs system-level cache clearing which is out-of-skill-scope for unprivileged installs.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv2.0.02026/3/29
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install optimize
镜像加速npx clawhub@latest install optimize --registry https://cn.longxiaskill.com