Reduce OpenClaw token usage and API costs through smart model routing, heartbeat optimization, budget tracking, and native 2026.2.15 features (session prunin...
Security Analysis
high confidenceThe skill's code, files, and instructions are coherent with its stated purpose (local token-optimization helpers); nothing requires unrelated credentials or network access by default.
Name/description (token optimization via context/model/heartbeat/budget) match the included scripts and docs. Optional docs reference multi-provider setups and example API key placeholders, but the executable scripts do not require or use external network calls by default.
Runtime instructions and scripts operate on the OpenClaw workspace (reading/writing ~/.openclaw/workspace and memory JSON files) which is expected for this purpose. Minor discrepancy: SKILL.md and SECURITY.md emphasize "no system modifications" and "no subprocess calls," yet the README and SKILL.md show explicit user actions that write files (cp to ~/.openclaw/workspace/HEARTBEAT.md) and the bundle includes a shell wrapper (scripts/optimize.sh) that launches the bundled Python scripts. These are local, user-invoked operations and not networked, but the SKILL.md phrasing is slightly over-broad.
No install spec (instruction-only) and code is bundled in the package. No downloads or external installers are run automatically. The scripts use only Python standard library and a small shell wrapper; .clawhubsafe provides SHA256 checksums for integrity.
Registry declares no required env vars or credentials. Some scripts (model_router) will optionally detect provider API keys from environment to choose a default provider, but they do not send network requests. Documentation references API key placeholders only for optional multi-provider workflows — expected and proportionate.
Skill is not always-enabled and uses no elevated privileges. It writes and reads files only in the user's OpenClaw workspace (~/.openclaw/workspace), which is reasonable for configuration/state helpers. It does not modify other skills or system-wide settings autonomously.
Guidance
This skill appears to be what it claims: local Python utilities that read/write files under your OpenClaw workspace to recommend and apply token-saving patterns. Before installing: (1) Inspect the bundled scripts yourself (they're small and use only the Python stdlib); (2) verify the .clawhubsafe checksums after download; (3) be aware that running the optional optimize.sh or following the README's cp command will write files into ~/.openclaw/workspace (this is expected behavior for applying heartbeat templates and storing state); and (4) documentation mentions multi-provider setups and API key placeholders — those are optional and not used automatically. If you need absolute assurance, run the Python scripts directly instead of the shell wrapper and review the workspace files the scripts create.
Latest Release
v3.0.0
**Major update: v3.0 introduces lazy skill loading and restructures optimization logic for maximum token savings.** - Added native support and documentation for lazy skill loading (SKILLS.md-based), now the largest single optimization. - Removed bundled cronjob guide and multi-provider reference/config files; external strategies are now referenced but not included. - Simplified documentation to focus on core, local-only optimizations and integration patterns. - Updated AGENTS.md and heartbeat optimization templates for compatibility with session pruning and newer OpenClaw features. - All scripts and documentation updated for consistency with v3.0 best practices.
More by @Asif2BD
Published by @Asif2BD on ClawHub
