Documentation

Installation

Install ClawSpa with a single command using the ClawHub package manager:

$ clawhub install clawspa

Or add it manually to your agent's clawhub.toml:

[extensions]
clawspa = "latest"

ClawSpa requires OpenClaw 0.9+ and a valid ClawHub installation.

Commands

/spa

Run a full wellness scan. Performs all five treatments (deep cleanse, security scan, detox, declutter, health check) and returns a health score.

/spa --deep

Run a deep scan with AI-powered analysis. Requires an API key. Sends anonymized telemetry for cloud analysis and returns detailed recommendations.

/spa status

Check your current plan, remaining scans, and API key status.

/spa history

View your scan history and health score trend (paid plans only).

API Key Setup

After subscribing to a paid plan, you'll receive an API key starting with csk_. Configure it in your agent:

$ clawhub config set clawspa.api_key csk_your_key_here

Or set it as an environment variable:

export CLAWSPA_API_KEY=csk_your_key_here

Your API key is hashed before storage — we never store the raw key.

Weekly Scans

Set up automated weekly scans to keep your agent in peak condition:

$ clawhub schedule clawspa weekly
# Runs /spa --deep every Monday at 9am UTC
# Results are stored in your scan history

Scheduled scans require a Pro or Team plan. You'll receive a notification when each scan completes with a summary of changes since the last scan.

API Reference

All endpoints are available at https://clawspa.org/api/v1

POST/api/v1/scan/trial

Submit a trial scan (no auth required). One per workspace.

curl -X POST https://clawspa.org/api/v1/scan/trial \
  -H "Content-Type: application/json" \
  -d '{"workspace_hash": "abc123", ...}'

POST/api/v1/scan

Submit an authenticated deep scan. Requires Bearer token.

curl -X POST https://clawspa.org/api/v1/scan \
  -H "Authorization: Bearer csk_your_key" \
  -H "Content-Type: application/json" \
  -d '{"workspace_hash": "abc123", ...}'

GET/api/v1/scans

Retrieve paginated scan history. Requires Bearer token. Supports ?page=1&limit=10 query params.

Privacy — What We Send

ClawSpa only sends anonymized workspace metadata. Here's the exact payload format:

{
  "workspace_hash": "sha256_of_workspace_path",
  "memory_stats": {
    "total_entries": 142,
    "stale_entries": 23,
    "avg_age_days": 14.5,
    "total_size_kb": 890
  },
  "skills_list": [
    "web-search",
    "code-review",
    "file-manager"
  ],
  "security_flags": {
    "unsigned_skills": 2,
    "network_access_skills": 1,
    "last_audit": "2025-01-15T00:00:00Z"
  },
  "config_checks": {
    "contradictions": 1,
    "deprecated_keys": 3,
    "custom_overrides": 5
  },
  "detox_flags": {
    "poisoned_configs": 0,
    "conflicting_directives": 1
  },
  "declutter_stats": {
    "unused_skills": 4,
    "redundant_tools": 2,
    "context_window_usage": 0.73
  }
}

We never receive: conversation content, personal data, source code, file contents, API keys, or any identifying information beyond the hashed workspace path.