openclaw-cost-optimization

This skill is a legitimate-looking cost-optimization guide for an OpenClaw agent and most instructions are coherent with the stated purpose (model routing, caching, trimming context). However, it contains supply-chain risky patterns: explicit curl|sh install of Ollama, instructions to pull and run third-party models, and encouragement that the agent may modify its own configuration. These behaviors materially expand the trust boundary (remote code execution on host, transitive installs, and agent self-modification). There is no direct evidence of credential harvesting or exfiltration in the document itself, but the combination of download-and-execute, local model pulls, and writable agent config represents a medium-to-high supply-chain risk. Recommend: avoid running curl|sh installers without review, prefer vendor/package-manager installation channels with reproducible checksums, restrict agent write permissions (require human confirmation for config changes), and inspect any third-party install script and pulled models before execution.