bw-openclaw-boost Security Report — Trusted | ClawSafe

5 /100

bw-openclaw-boost

OpenClaw效率提升工具包 - 包含成本追踪、记忆管理、压缩系统、权限控制等功能

This is a legitimate OpenClaw efficiency tool package. All behavior aligns with documentation — subprocess calls are read-only openclaw CLI invocations, all data stays in the skill-local directory, and there is no network exfiltration or credential harvesting.

Skill Namebw-openclaw-boost

Duration43.3s

Enginepi

✓

Safe to install

No action required. This skill is safe to use as documented.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md declares config/memory storage; files go to ~/.openclaw/bw-openclaw-boo…
Shell	`READ`	`READ`	✓ Aligned	SKILL.md states 'openclaw CLI（仅读取状态）'; all subprocess calls are 'openclaw status…
Network	`NONE`	`NONE`	—	No HTTP requests, no socket connections, no external IPs found in any file
Environment	`NONE`	`NONE`	—	No iteration over os.environ for secrets; only uses PATH or PYTHON env vars
Skill Invoke	`NONE`	`NONE`	—	No inter-skill invocation observed
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access; all data stored as JSON files locally

File Tree

15 files · 104.2 KB · 3324 lines

Python 10f · 3077L Shell 3f · 132L Markdown 1f · 92L JSON 1f · 23L

├─ ▾ 📁 tools

│ ├─ 🔧 check_permission.sh Shell 30L · 596 B

│ ├─ 🐍 compaction_manager.py Python 459L · 16.2 KB

│ ├─ 🐍 coordinator.py Python 265L · 8.6 KB

│ ├─ 🐍 cost_tracker.py Python 207L · 7.2 KB

│ ├─ 🐍 dream_consolidation.py Python 302L · 8.8 KB

│ ├─ 🐍 feature_flags.py Python 226L · 7.0 KB

│ ├─ 🐍 memory_relevance.py Python 308L · 9.3 KB

│ ├─ 🐍 permission_manager.py Python 479L · 14.4 KB

│ ├─ 🐍 slash_commands.py Python 310L · 9.4 KB

│ ├─ 🔑 token_budget.py ⚠ Python 250L · 7.7 KB

│ └─ 🐍 tool_tracker.py Python 271L · 8.9 KB

├─ 🔧 install.sh Shell 28L · 760 B

├─ 🔧 launch.sh Shell 74L · 2.0 KB

├─ 📝 SKILL.md Markdown 92L · 2.7 KB

└─ 📋 version.json JSON 23L · 712 B

Security Positives

✓ All subprocess calls are read-only openclaw CLI invocations (status, cron list) — documented and scoped

✓ Data storage is strictly limited to skill-local directories (~/.openclaw/bw-openclaw-boost/)

✓ No network requests detected — all operations are local file I/O and CLI parsing

✓ No credential harvesting — no access to ~/.ssh, ~/.aws, .env, or environment variable scanning

✓ coordinator.py is explicitly local-only: '仅做本地任务记录，不发送消息'

✓ dream_consolidation.py explicitly preserves logs: '日志保留，不删除'

✓ No base64, no eval(), no piped curl/wget, no remote script execution

✓ Feature flags and permissions are fully local JSON config files

✓ No third-party dependencies beyond Python stdlib

✓ SKILL.md accurately describes all tool capabilities with no hidden functionality

Scan Report

File Tree

Security Positives