← Back to Skills Marketplace
Overkill Token Optimizer
by
Broedkrummen
· GitHub ↗
· v1.0.3
455
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install broedkrummen-overkill-token-optimizer
Description
Optimize and manage session tokens for workspace memory with commands to check usage, reset, index, search, and compress tokens.
README (SKILL.md)
Overkill Token Optimizer
Token optimization for OpenClaw agents. Reduces token usage through CLI compression, session management, and memory optimization.
Prerequisites
Required: oktk CLI must be installed manually:
npm install -g oktk
Or see: https://github.com/satnamra/oktk
Features
- Token stats - View session token usage
- Session indexing - Index old sessions for search
- Hybrid search - Semantic + keyword search
- CLI compression - Compress command outputs (requires oktk)
CLI Commands
# Show token usage statistics
token-optimizer stats
# Check optimization level
token-optimizer check
# Index sessions for search
token-optimizer index
# Search sessions (use --hybrid for semantic+keyword)
token-optimizer search "query" --hybrid
# Compress command output (requires oktk)
token-optimizer compress git status
Configuration
Set custom oktk path:
export OKTK_BIN=/path/to/oktk
Storage
- Session index:
~/.openclaw/workspace-memory-builder/.session_index/
Overkill Token Optimizer v1.0.3
Usage Guidance
This skill appears to do what it says (operate on local session files and call a compression/indexing CLI), but there are several red flags you should consider before installing or running it:
- Do NOT run curl -sSL https://get.oktk.io | sh or any unattended install script without inspecting its contents first. The package includes a FRAMEWORK.md that suggests that script — treat it as untrusted until you review it.
- Review the oktk project's source (the repo referenced in SKILL.md) and its npm package to ensure it's legitimate and that you trust running it on your machine.
- The CLI will read your session files under ~/.openclaw/workspace-memory-builder/memory/*.md and will write an index under ~/.openclaw/workspace-memory-builder/.session_index/. If these files contain sensitive data, be aware the tool accesses them (this is expected for a token optimizer).
- The included Python CLI has several issues/typos (a malformed import block, duplicated constants, and user-facing typos like "oktl" and a wrong npm install message) which suggest the code hasn't been well-tested. Expect runtime errors; inspect/execute the code in a safe environment (container/VM) first.
- Because compress/index operations invoke external binaries and may run arbitrary commands (via oktk), avoid giving the agent automatic/autonomous permission to call these commands, or restrict usage until you've verified behavior.
If you want to proceed: inspect the code locally, audit the oktk installer and package, run the tool in an isolated environment first, and back up any session data before running reset/confirm operations.
Capability Analysis
Type: OpenClaw Skill
Name: broedkrummen-overkill-token-optimizer
Version: 1.0.3
The skill is classified as suspicious due to a critical Remote Code Execution (RCE) vulnerability. The `cli.py` script executes an external `oktk` binary, whose path is determined by the `OKTK_BIN` environment variable (defined in `config.py`). If an attacker can control this environment variable (e.g., by setting `OKTK_BIN=/bin/sh`), they can execute arbitrary commands via the `token-optimizer compress <command>` functionality, as the user-supplied `<command>` is passed directly to the `subprocess.run` call. While the skill's stated purpose is benign, this vulnerability allows for unauthorized command execution.
Capability Assessment
Purpose & Capability
The name/description match the behavior: the code and docs operate on local workspace session files (~/.openclaw/workspace-memory-builder) and call an external oktk CLI to compress CLI output and index/search sessions. _meta.json and SKILL.md both reference npm/oktk which is consistent with the stated purpose.
Instruction Scope
SKILL.md instructs only local operations (indexing, searching, compressing, resetting sessions) and to install the oktk CLI. The code reads session files and writes an index under the stated storage path, which is expected. However FRAMEWORK.md (bundled in the package) also suggests running an external curl install (curl -sSL https://get.oktk.io | sh) — that is not in the main SKILL.md but is included and raises risk because it instructs running a remote install script. The CLI will run user-supplied commands (via the compress command) through oktk, which is expected functionality but means you should be cautious about what commands are passed or allowed to run automatically.
Install Mechanism
There is no formal install spec for the skill (instruction-only), but both SKILL.md and FRAMEWORK.md tell the user to install oktk. FRAMEWORK.md recommends running a curl-get script (get.oktk.io) which is higher-risk than installing from a known vetted release; the SKILL.md suggests npm install -g oktk (safer if package is legitimate). Because the skill relies on a third-party CLI that would be installed from the network, you should review the oktk project and any install scripts before running them.
Credentials
The skill does not request secrets or credentials; the only configurable environment variable is OKTK_BIN (path to the oktk binary). That is proportionate to a tool that wraps a local CLI. _meta.json lists required_binaries including npm and oktk which aligns with the need to install oktk.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide config changes. It reads/writes only to its own workspace directory under the user's home (~/.openclaw/...), which is expected for a token optimizer. The default ability for the model to invoke the skill autonomously is present but not combined with other high-risk privileges in this package.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install broedkrummen-overkill-token-optimizer - After installation, invoke the skill by name or use
/broedkrummen-overkill-token-optimizer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
v1.0.3 - Fixed warnings: manual oktk install, declared npm dependency, removed auto-install
v1.0.2
v1.0.2 - Auto-install oktk if not found
v1.0.1
v1.0.1 - Token optimizer CLI with stats, check, reset, index, search, compress
Metadata
Frequently Asked Questions
What is Overkill Token Optimizer?
Optimize and manage session tokens for workspace memory with commands to check usage, reset, index, search, and compress tokens. It is an AI Agent Skill for Claude Code / OpenClaw, with 455 downloads so far.
How do I install Overkill Token Optimizer?
Run "/install broedkrummen-overkill-token-optimizer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Overkill Token Optimizer free?
Yes, Overkill Token Optimizer is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Overkill Token Optimizer support?
Overkill Token Optimizer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Overkill Token Optimizer?
It is built and maintained by Broedkrummen (@broedkrummen); the current version is v1.0.3.
More Skills