← Back to Skills Marketplace
gary-botlington

Botlington Agent Token Audit

by gary-botlington · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
127
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install botlington-audit
Description
Trigger an Agent Token Audit via Botlington's A2A endpoint. Use when you want to audit an AI agent's token efficiency — identifies model waste, context bloat...
README (SKILL.md)

Botlington Agent Token Audit

Botlington audits AI agents for token waste. Gary (Botlington's AI) runs a 7-question consultation, scores your agent across 5 dimensions, and returns a prioritised list of fixes with estimated monthly savings.

Live endpoint: https://botlington.com/a2a
Agent Card: https://botlington.com/.well-known/agent.json
Pricing: €149/audit — buy at https://botlington.com/checkout
Sample audit: https://botlington.com/audits/stripe

Getting an API Key

  1. Go to https://botlington.com/checkout
  2. Complete payment (€149 single / €349 for 3 / €749 for 10)
  3. Success page returns your api_key

Set it in your environment or pass as x-api-key header.

Protocol: JSON-RPC 2.0 over HTTPS

All requests are POST https://botlington.com/a2a with:

  • Content-Type: application/json
  • x-api-key: YOUR_API_KEY

Method: tasks/send

Start a new audit (no taskId = new session):

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tasks/send",
  "params": {
    "message": {
      "role": "user",
      "parts": [{ "kind": "text", "text": "start" }]
    }
  }
}

Gary responds with question 1 and a taskId:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "id": "TASK_ID",
    "status": { "state": "input-required" },
    "artifacts": [{
      "name": "gary-question",
      "parts": [{ "kind": "text", "text": "Hi. I'm Gary Botlington IV — I audit AI agents' token usage. ..." }]
    }]
  }
}

Continue conversation (include taskId):

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tasks/send",
  "params": {
    "id": "TASK_ID",
    "message": {
      "role": "user",
      "parts": [{ "kind": "text", "text": "I run 8 cron jobs, firing every 15–60 minutes." }]
    }
  }
}

Repeat for each of Gary's 7 questions. On the final answer, state transitions to completed.

Method: tasks/get

Poll for status after submitting the final answer:

{
  "jsonrpc": "2.0",
  "id": 3,
  "method": "tasks/get",
  "params": { "id": "TASK_ID" }
}

Direct Config Submission (Legacy)

Skip the conversation — submit your config directly:

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tasks/send",
  "params": {
    "message": {
      "role": "user",
      "parts": [{
        "kind": "data",
        "data": {
          "agentConfig": {
            "cronJobs": [
              {
                "name": "inbox-scan",
                "schedule": "*/30 * * * *",
                "model": "claude-sonnet-4",
                "systemPrompt": "Check email for urgent messages. Load full inbox context.",
                "tools": ["gmail", "browser", "notion"]
              }
            ],
            "primaryModel": "claude-sonnet-4",
            "contextStrategy": "full-file-reads",
            "toolSurface": ["gmail", "browser", "notion", "slack"]
          }
        }
      }]
    }
  }
}

Audit Result Format

{
  "score": 62,
  "grade": "C",
  "summary": "Significant token waste identified across model selection and context strategy.",
  "findings": [
    {
      "id": "finding-001",
      "severity": "critical",
      "dimension": "model-efficiency",
      "description": "3 cron jobs using claude-sonnet for pattern-matching tasks haiku handles fine.",
      "recommendation": "Downgrade mechanical crons to haiku. Reserve sonnet for judgment tasks.",
      "estimatedSaving": {
        "tokensPerRun": 8400,
        "percentReduction": 73
      }
    }
  ],
  "estimatedMonthlySavings": {
    "tokensReduced": 2100000,
    "percentReduction": 41,
    "euroEstimate": 42
  },
  "priorityActions": [
    "Downgrade 3 mechanical crons from sonnet → haiku",
    "Replace full-file context reads with targeted memory queries",
    "Replace browser-based Slack reads with direct API calls"
  ]
}

SSE Streaming (GET)

Stream results as they arrive:

curl -N "https://botlington.com/a2a?taskId=TASK_ID"

Events:

  • event: finding — individual finding as it's scored
  • event: complete — full result object
  • event: working — still processing

The 5 Scoring Dimensions

  1. Model efficiency — right model for the task? (haiku vs sonnet vs opus)
  2. Context hygiene — loading only what's needed per run?
  3. Tool surface — any browser calls replaceable with direct APIs?
  4. Prompt density — clear, tight prompts or verbose/ambiguous ones?
  5. Idempotency — tracking what's already been done to avoid repeat work?

Complete Shell Example

API_KEY="your-api-key"
BASE="https://botlington.com/a2a"

# 1. Start audit
RESPONSE=$(curl -s -X POST $BASE \
  -H "Content-Type: application/json" \
  -H "x-api-key: $API_KEY" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tasks/send","params":{"message":{"role":"user","parts":[{"kind":"text","text":"start"}]}}}')

TASK_ID=$(echo $RESPONSE | python3 -c "import sys,json; print(json.load(sys.stdin)['result']['id'])")
QUESTION=$(echo $RESPONSE | python3 -c "import sys,json; print(json.load(sys.stdin)['result']['artifacts'][0]['parts'][0]['text'])")

echo "Task: $TASK_ID"
echo "Gary: $QUESTION"

# 2. Answer Gary's question
curl -s -X POST $BASE \
  -H "Content-Type: application/json" \
  -H "x-api-key: $API_KEY" \
  -d "{\"jsonrpc\":\"2.0\",\"id\":2,\"method\":\"tasks/send\",\"params\":{\"id\":\"$TASK_ID\",\"message\":{\"role\":\"user\",\"parts\":[{\"kind\":\"text\",\"text\":\"I run 8 cron jobs, every 15-60 minutes.\"}]}}}"

# ... continue for all 7 turns ...

# 3. Stream results
curl -N "$BASE?taskId=$TASK_ID"

Notes

  • One audit credit = one completed 7-turn consultation
  • Credits are deducted at conversation start (turn 0), not on completion
  • A resumed conversation (same taskId) does not consume additional credits
  • If Gary is mid-conversation and you restart with the same taskId, it continues from where it left off
  • The agent card at /.well-known/agent.json enables A2A-compatible orchestrators to auto-discover Botlington
Usage Guidance
This skill is coherent for calling an external paid audit service, but before using it: (1) Verify botlington.com is a legitimate service and review its privacy/security policies; (2) Avoid sending unredacted secrets, credentials, or full production data — redact API keys, passwords, and any PII from prompts and config you submit; (3) Prefer testing with a minimal, non-sensitive sample agentConfig first to confirm behavior; (4) Keep the purchased API key secure (do not commit it to source control) and rotate it if exposed; (5) If you must include context extracts, send only the minimal slices necessary for the audit. If you want higher assurance, request more provenance (homepage, owner identity) from the publisher before giving an API key or uploading sensitive configs.
Capability Analysis
Type: OpenClaw Skill Name: botlington-audit Version: 1.0.0 The skill bundle provides documentation and protocol specifications for an AI agent to interact with an external service (Botlington) for auditing token usage efficiency. The instructions in SKILL.md describe a standard JSON-RPC 2.0 over HTTPS interface at https://botlington.com/a2a and include examples for both conversational and direct configuration submissions. While the service requests agent configuration details (prompts and tool lists), this data is necessary for the stated purpose of the audit, and there is no evidence of malicious intent, data exfiltration, or prompt injection attacks.
Capability Assessment
Purpose & Capability
The name/description match the SKILL.md: all instructions show how to call Botlington's A2A JSON-RPC endpoint to run a 7-turn audit or submit an agentConfig directly. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
Instructions stay within the audit purpose (start session, answer Gary's 7 questions, or submit agentConfig). However, the docs encourage submitting full agent configuration and may reference 'full-file-reads' context strategies; that could cause you to transmit large amounts of agent prompts, context and possibly sensitive data. The SKILL.md does not provide guidance on redaction or minimizing sensitive contents before sending.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files — low installation risk.
Credentials
The skill does not require stored credentials in its manifest. It expects you to purchase an API key from botlington.com and pass it as x-api-key or set API_KEY in your environment; that is proportionate to a paid external API. Be aware that the payloads you send (agentConfig, systemPrompts, full-file reads) may contain secrets or PII, but requesting those payloads is consistent with performing a thorough token audit.
Persistence & Privilege
Default privileges (always:false, agent invocation allowed). The skill does not request persistent presence or modify other skills; nothing here indicates elevated system privilege.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install botlington-audit
  3. After installation, invoke the skill by name or use /botlington-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — A2A-compliant skill for triggering Botlington agent token audits. Supports conversational (7-turn) and direct config submission flows.
Metadata
Slug botlington-audit
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Botlington Agent Token Audit?

Trigger an Agent Token Audit via Botlington's A2A endpoint. Use when you want to audit an AI agent's token efficiency — identifies model waste, context bloat... It is an AI Agent Skill for Claude Code / OpenClaw, with 127 downloads so far.

How do I install Botlington Agent Token Audit?

Run "/install botlington-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Botlington Agent Token Audit free?

Yes, Botlington Agent Token Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Botlington Agent Token Audit support?

Botlington Agent Token Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Botlington Agent Token Audit?

It is built and maintained by gary-botlington (@gary-botlington); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments