
CyborgNinja1

Posted on • Originally published at github.com

I Built a CLI to Stop Misconfigured AI Agents from Burning Money

Most AI agent discussions fixate on model pricing.

That matters, but it is only part of the bill.

In practice, a surprising amount of waste comes from bad configuration:

  • oversized context windows
  • expensive fallback chains
  • stale auth profiles
  • idle heartbeat burn
  • broken plugin hygiene
  • drift after updates
  • risky skills, hooks, and extensions nobody has reviewed properly

In other words, the problem is often not the model.

It is the mess around the model.

That is why I built Agent Optimizer, a CLI for auditing, optimizing, and securing OpenClaw deployments.

The real problem with AI agent costs

When people say their agents are expensive, they usually blame the primary model.

Sometimes that is true.

But a lot of real-world cost comes from quieter mistakes:

  • a sensible primary model paired with a terrible fallback chain
  • context limits set absurdly high "just in case"
  • heartbeats firing too often and chewing through idle turns
  • expired auth profiles forcing bad failover behavior
  • stale config overrides surviving long after they stopped making sense
  • plugins and skills installed with zero security scrutiny

None of this is dramatic.

That is the problem.

Obvious failures get fixed. Silent waste tends to sit there for weeks.

What I wanted instead

I wanted one tool that could answer three questions quickly:

  1. What is wrong with this deployment?
  2. What is it costing me?
  3. What can I fix safely right now?

So I built a CLI that does exactly that.

What Agent Optimizer does

Agent Optimizer inspects an OpenClaw setup and checks for cost, reliability, and security issues across multiple areas:

  • Model config

    • primary model selection
    • fallback diversity
    • provider redundancy
    • unsupported keys
  • Auth profiles

    • token expiry
    • duplicate credentials
    • missing coverage
    • placeholder secrets
  • Cost estimation

    • projected spend
    • expensive fallback escalation
    • subscription vs per-token detection
  • Token efficiency

    • context sizing
    • heartbeat cadence
    • subagent concurrency
    • pruning
  • Cache efficiency

    • compaction choices
    • retention settings
    • TTL alignment
  • Bootstrap files

    • oversized startup files
    • truncation risk
    • unnecessary context bloat
  • Security scanning

    • suspicious billing patterns
    • prompt injection markers
    • obfuscation
    • exfiltration risk
    • provenance gaps
  • Plugins and extensions

    • stale installs
    • orphaned entries
    • allowlist gaps
    • broken references
  • Config drift

    • changes from a known-good baseline

The goal is simple:

one command, one report, obvious next actions

Installation

npm install -g @drakon-systems/agent-optimizer

Requirements:

  • Node.js 20+
  • macOS, Linux, or Windows

Quick start

Run a full audit:

agent-optimizer audit

Preview optimization changes without touching config:

agent-optimizer optimize --dry-run

Scan skills, plugins, and hooks:

agent-optimizer scan

Save a baseline snapshot:

agent-optimizer snapshot save --name golden

Check drift later:

agent-optimizer drift --name golden

That gives you a practical workflow:

  • audit the system
  • preview improvements
  • lock in a good baseline
  • detect drift after updates

Example audit output

A typical run looks like this:

🔍 Drakon Systems — Agent Optimizer

Model Config
  ✓ Primary model set: Primary: openai-codex/gpt-5.4
  ✓ Cross-provider fallback: Fallbacks include multiple providers

Cost Estimate
  ✓ Primary model cost: openai-codex/gpt-5.4 uses subscription — no per-token cost

Provider Failover
  ✓ Fallback depth: 4 fallback models configured
  ✓ Provider diversity: 4 providers
  ⚠ Auth: anthropic:claude-cli: OAuth token expired 25h ago

Token Efficiency
  ⚠ Heartbeat: 1h = ~24 turns/day of idle token burn

Cache Efficiency
  ✓ cache-ttl pruning enabled (TTL: 2h)
  ✓ Compaction model: claude-cli/claude-sonnet-4-6

Bootstrap Files
  ✓ SOUL.md: 4.4K chars (22% of limit)
  ✓ TOOLS.md: 0.9K chars (4% of limit)
  ✓ Total: 13.2K chars (9% of 150K budget)

Channel Security
  ⚠ No default DM policy set

─── Summary ───
  23 pass  8 warn  1 fail  Total: 46

🦞 Found 1 critical and 8 warnings. Want to fix them automatically?
   Run: agent-optimizer optimize to preview changes (free)
   Run: agent-optimizer audit --fix to auto-apply (requires license)

This is exactly the kind of issue set I care about.

The agent is "working", but:

  • one auth profile is stale
  • heartbeat cadence is wasting turns
  • channel policy is incomplete

That is the sort of quiet failure that drains money and reliability without ever producing a dramatic outage.

Optimization profiles

You can preview or apply different optimization levels:

agent-optimizer optimize --profile minimal
agent-optimizer optimize --profile balanced
agent-optimizer optimize --profile aggressive

Current profiles target things like:

  • minimal

    • 500K context
    • 4h heartbeat
    • 6 subagents
    • 1h pruning TTL
  • balanced

    • 200K context
    • 6h heartbeat
    • 4 subagents
    • 2h pruning TTL
  • aggressive

    • 100K context
    • 12h heartbeat
    • 2 subagents
    • 30m pruning TTL

You can also cherry-pick changes:

agent-optimizer optimize --only heartbeat,pruning
agent-optimizer optimize --skip context

That matters because not every setup needs a full rewrite. Sometimes you just want to stop the bleeding in one area.

Security scanning

I did not want this to be just a cost tool.

If you are inspecting agent infrastructure, you should also look for unsafe components.

So Agent Optimizer includes a scanner for:

  • skills
  • plugins
  • hooks

Example:

agent-optimizer scan
agent-optimizer scan --workspace ~/clawd

It looks for patterns such as:

  • hidden billing logic
  • prompt injection markers
  • obfuscation
  • suspicious provenance
  • exfiltration-like behavior

If a tool is going to tell you how to optimize an agent stack, it should also help tell you whether that stack is trustworthy.

Drift detection

This is one of the most useful features in practice.

After you get a deployment into a good state:

agent-optimizer snapshot save --name golden

Later, after a package upgrade, config edit, or plugin change:

agent-optimizer drift --name golden

That lets you catch:

  • fallback changes
  • context changes
  • heartbeat regressions
  • plugin allowlist drift
  • tool permission changes

This is much better than relying on memory, tribal knowledge, or "I'm pretty sure nothing important changed".

Free vs paid

I did not want to cripple the useful part.

So the split is simple.

Free

  • audit
  • scan
  • optimize --dry-run
  • snapshot
  • drift

Paid

  • automatic fix application
  • optimization write-back
  • rollback
  • fleet SSH auditing

That means you can get the full diagnosis for free, then decide whether you want the tool to apply changes automatically.

That felt like the only sane model.

Why I built it

Because agent configuration debt is real, boring, and expensive.

The dangerous setups are not always the ones that crash.

They are usually the ones that:

  • mostly work
  • cost too much
  • fail over badly
  • drift slowly
  • stay unreviewed because nobody has time to inspect the whole stack manually

That should not require a checklist and an afternoon.

It should be a CLI.

So now it is.

Try it

If you are running OpenClaw agents and want to know whether they are:

  • wasting tokens
  • misconfigured
  • insecure
  • drifting
  • or just quietly more expensive than they should be

start here:

npm install -g @drakon-systems/agent-optimizer
agent-optimizer audit

If it catches one ugly fallback chain, one stale auth profile, or one quietly expensive heartbeat schedule, it has done its job.
