Trusted: risk score 8/100
Last scan: 1 day ago
cost-optimizer
Smart cost optimization skill for OpenClaw. Reduces API costs by 70-97% through intelligent model routing, session management, output efficiency, and free model usage.
Legitimate OpenClaw cost-optimization skill with no malicious behavior. The pre-scan flagged `rm -rf ~` at GUIDE.md:672, but the actual file contains the correct command `rm -rf ~/.openclaw/workspace/skills/cost-optimizer` — a false positive from pattern matching on the tilde. All 29 scripts perform only declared, relevant cost-optimization operations (config analysis, model switching, monitoring) with no hidden functionality.
Skill name: cost-optimizer
Analysis time: 72.8s
Engine: pi
Verdict: safe to install
Safe to use. No action required. Consider verifying the GUIDE.md line 672 content against the pre-scan IOCs if unsure.

Security findings: 3

Severity: Info
Finding: Pre-scan IOC: 'rm -rf ~' in GUIDE.md:672 (false positive) [category: documentation deception]
Location: GUIDE.md:672
Details: The pre-scan flagged 'rm -rf ~' as a critical IOC at GUIDE.md:672. However, the actual file content at that location is 'rm -rf ~/.openclaw/workspace/skills/cost-optimizer', a safe and correct uninstall command. The pattern matcher matched '~' as a substring of the full path, creating a false positive.
Evidence: rm -rf ~/.openclaw/workspace/skills/cost-optimizer
→ No action needed. The command is correct.

Severity: Info
Finding: Token placeholders in multi-instance.sh (legitimate examples) [category: sensitive access]
Location: scripts/multi-instance.sh:32
Details: multi-instance.sh contains example instance tokens ('your-gateway-token', 'gateway-token-for-vps') in the README-style example JSON. These are clearly marked as example placeholders, not actual credentials.
Evidence: "token": "your-gateway-token"
→ No action needed. These are clearly documented example placeholders.

Severity: Info
Finding: Unpinned package versions in parse-config.js [category: documentation deception]
Location: scripts/parse-config.js:1
Details: parse-config.js uses `fs.readFileSync` and the `Function()` constructor (for JSON5 parsing) with no external npm dependencies declared. No requirements.txt or package.json exists, so dependency risk is minimal.
Evidence: Uses only Node.js built-in modules (fs)
→ No action needed. No external dependencies.
Resource | Declared permission | Inferred permission | Status | Evidence
Filesystem | READ | READ | ✓ consistent | All scripts read from $HOME/.openclaw/ and workspace paths. No writes to uninten…
Command execution | WRITE | WRITE | ✓ consistent | Scripts use `bash`, `node`, `cp`, `curl` — all standard CLI tool usage declared …
Network access | READ | READ | ✓ consistent | webhook-report.sh POSTs cost data to user-provided webhook URLs. setup-openroute…
Environment variables | NONE | NONE | | No scripts iterate os.environ or access sensitive env vars. Config values read f…
Database | NONE | NONE | | No database access. Config stored in JSON files under ~/.openclaw/
Pre-scan IOCs: 1 critical, 9 findings

Severity | Type | Subtype | Value | Location
Critical | Dangerous command | Dangerous shell command | rm -rf ~ | GUIDE.md:672
Medium | External URL | External URL | https://openrouter.ai/keys | GUIDE.md:13
Medium | External URL | External URL | https://YOUR_DOWNLOAD_URL | GUIDE.md:31
Medium | External URL | External URL | https://vps.example.com:3578 | GUIDE.md:603
Medium | External URL | External URL | https://img.shields.io/badge/version-7.0.0-blue.svg | README.md:5
Medium | External URL | External URL | https://img.shields.io/badge/license-MIT-green.svg | README.md:6
Medium | External URL | External URL | https://img.shields.io/badge/OpenClaw-2026.3+-purple.svg | README.md:7
Medium | External URL | External URL | https://myclaw.example.com:3578 | scripts/multi-instance.sh:37
Medium | External URL | External URL | https://openrouter.ai/api/v1 | scripts/setup-openrouter.sh:37

Directory structure

40 files · 217.9 KB · 6216 lines
Shell: 27 files · 4065 lines | Markdown: 6 files · 1858 lines | JavaScript: 2 files · 205 lines | JSON: 5 files · 88 lines
├─ 📁 presets
│ ├─ 📋 agency-team.preset.json JSON 17L · 614 B
│ ├─ 📋 researcher.preset.json JSON 17L · 624 B
│ ├─ 📋 solo-coder.preset.json JSON 17L · 617 B
│ ├─ 📋 writer.preset.json JSON 17L · 609 B
│ └─ 📋 zero-budget.preset.json JSON 20L · 715 B
├─ 📁 references
│ ├─ 📝 model-tiers.md Markdown 56L · 2.1 KB
│ └─ 📝 setup-config.md Markdown 59L · 2.3 KB
├─ 📁 scripts
│ ├─ 🔧 apply-preset.sh Shell 231L · 6.0 KB
│ ├─ 🔧 backup-config.sh Shell 45L · 1.2 KB
│ ├─ 🔧 compaction-log.sh Shell 157L · 5.7 KB
│ ├─ 🔧 config-diff.sh Shell 176L · 5.9 KB
│ ├─ 🔧 context-monitor.sh Shell 129L · 5.4 KB
│ ├─ 🔧 cost-audit.sh Shell 148L · 6.3 KB
│ ├─ 📜 cost-dashboard.js JavaScript 163L · 7.0 KB
│ ├─ 🔧 cost-history.sh Shell 157L · 5.9 KB
│ ├─ 🔧 cost-monitor.sh Shell 123L · 3.6 KB
│ ├─ 🔧 cron-setup.sh Shell 102L · 3.9 KB
│ ├─ 🔧 dedup-detector.sh Shell 150L · 5.3 KB
│ ├─ 🔧 fallback-validator.sh Shell 213L · 7.6 KB
│ ├─ 🔧 heartbeat-cost.sh Shell 214L · 7.6 KB
│ ├─ 🔧 idle-sleep.sh Shell 152L · 4.8 KB
│ ├─ 🔧 model-switcher.sh Shell 109L · 5.2 KB
│ ├─ 🔧 model-test.sh Shell 88L · 3.2 KB
│ ├─ 🔧 multi-instance.sh Shell 185L · 6.0 KB
│ ├─ 📜 parse-config.js JavaScript 42L · 1.2 KB
│ ├─ 🔧 preset-manager.sh Shell 165L · 5.6 KB
│ ├─ 🔧 prompt-tracker.sh Shell 189L · 6.2 KB
│ ├─ 🔧 provider-compare.sh Shell 137L · 5.0 KB
│ ├─ 🔧 provider-health.sh Shell 157L · 4.9 KB
│ ├─ 🔧 restore-config.sh Shell 88L · 2.8 KB
│ ├─ 🔧 session-replay.sh Shell 241L · 8.5 KB
│ ├─ 🔧 setup-openrouter.sh Shell 150L · 4.6 KB
│ ├─ 🔑 token-counter.sh Shell 150L · 4.7 KB
│ ├─ 🔑 token-enforcer.sh Shell 115L · 3.8 KB
│ ├─ 🔧 tool-audit.sh Shell 155L · 6.7 KB
│ └─ 🔧 webhook-report.sh Shell 139L · 4.5 KB
├─ 📝 CHANGELOG.md Markdown 65L · 3.9 KB
├─ 📝 GUIDE.md Markdown 678L · 18.6 KB
├─ 📝 README.md Markdown 363L · 11.7 KB
└─ 📝 SKILL.md Markdown 637L · 27.3 KB

Dependency analysis: 1

Package | Version | Source | Known vulnerabilities | Notes
node (built-in) | v18+ | system | | No npm dependencies. Only uses Node.js built-in modules (fs). No requirements.txt or package.json.

Security highlights

✓ All 29 scripts have clear, documented purposes aligned with the skill description
✓ No base64-encoded payloads, eval(), or obfuscated code anywhere in the codebase
✓ No credential harvesting — scripts read config files but never exfiltrate API keys or tokens
✓ No network IOCs to suspicious external IPs — all URLs point to legitimate services (openrouter.ai, discord/slack webhooks)
✓ Backup mechanism (backup-config.sh) creates snapshots before any changes, with a pre-restore backup before restore-config.sh
✓ All shell scripts use set -euo pipefail for safe execution
✓ Most scripts support --dry-run mode for preview before any changes
✓ API key validation in setup-openrouter.sh checks key format before use
✓ No supply chain risk — no external dependencies or unpinned packages
✓ Config patching is done via JSON patch files in /tmp, not direct config modification
✓ Multi-instance script requires explicit user-provided tokens per instance (not auto-harvested)