Scan Report
5 /100
anthropic-cost-optimizer
Audits and rewrites OpenClaw config to minimize Anthropic API token costs using five cost levers (prompt caching, model routing, thinking scope, 1M context, fast mode)
A legitimate OpenClaw config optimizer that reads config files and rewrites them with user confirmation — no security concerns found.
Safe to install
This skill is safe to use. No action needed.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ,WRITE | READ,WRITE | ✓ Aligned | SKILL.md lines 29-50: reads config from ./ ~/.openclaw/ ~/ paths; SKILL.md Step … |
| Network | NONE | NONE | — | No network requests found; references/pricing.md is a local reference file only |
| Shell | NONE | NONE | — | No subprocess, Bash, or shell commands anywhere in the skill |
| Environment | NONE | NONE | — | Skill does not read or iterate environment variables |
| Clipboard | NONE | NONE | — | No clipboard access mentioned or observed |
| Browser | NONE | NONE | — | No browser or web fetch usage |
| Database | NONE | NONE | — | No database access |
File Tree
2 files · 8.9 KB · 280 lines Markdown 2f · 280L
├─
▾
references
│ └─
pricing.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ SKILL.md accurately describes all capabilities and behavior with no hidden functionality
✓ All file writes require explicit user confirmation via 'Apply these changes?' prompt before any config is modified
✓ Only reads/writes OpenClaw config files — no access to sensitive paths like ~/.ssh, ~/.aws, or .env
✓ No shell commands, subprocess, or any form of code execution
✓ No network requests — pricing data is read from a local static reference file only
✓ No credential harvesting, credential storage, or environment variable access
✓ No obfuscation, base64 payloads, or suspicious encoded content
✓ Config writing is scoped to the user's config file path only, not arbitrary filesystem locations
✓ Skill is purely a configuration audit/rewrite utility — the scope is narrow and benign