← Back to Skills Marketplace
edmonddantesj

Token Guard

by edmonddantesj · GitHub ↗ · v1.5.0
cross-platform ⚠ suspicious
930
Downloads
0
Stars
5
Active Installs
3
Versions
Install in OpenClaw
/install token-guard
Description
Prevents LLM API 429 errors by estimating tokens, tracking quotas, throttling requests, detecting duplicates, caching responses, and auto-fallback by model.
Usage Guidance
Summary of things to consider before installing: - The implementation and documentation disagree. SKILL.md promises caching, duplicate detection, record_usage/cache_response/record_429 helpers and richer behavior; the shipped script only provides TokenGuard.check_quota(...) and saves simple usage/request counters. If you rely on the advertised APIs they will fail. Ask the author for a matching release or updated code. - The script writes a state.json file (usage counters and timestamps) into the skill's base directory by default. This is normal for quota tracking but confirm the path is acceptable and writable in your environment if you care about where files are stored. - There are no network calls, no environment variables read, and no obvious exfiltration of prompts/responses in the code. That reduces risk, but the mismatch between docs and code is a functional risk: an agent expecting missing methods may error or behave unpredictably. - Recommended actions: (1) run the script in a sandboxed environment to verify behavior, (2) request a corrected SKILL.md or an updated script implementing the advertised features (or modify the agent to only call check_quota), and (3) inspect/monitor the created state.json while testing to ensure no sensitive data is written. If you need the advertised caching/duplicate-detection, do not deploy this version until those features are implemented.
Capability Analysis
Type: OpenClaw Skill Name: token-guard Version: 1.5.0 The OpenClaw skill 'token-guard' is designed to prevent LLM API rate limits by tracking token usage and throttling requests. The `SKILL.md` documentation clearly outlines its purpose and features without containing any prompt injection attempts. The `scripts/token_guard.py` implementation uses standard Python libraries, manages its state locally via an atomically written `state.json` file, and does not perform any network calls, execute arbitrary commands, or access sensitive user data. While the 'compaction' logic could be manipulated by an agent to bypass quota limits for specific prompts, this is a functional bypass of the quota system, not a security vulnerability leading to RCE or data exfiltration. The skill aligns with its stated purpose and lacks any indicators of malicious intent or significant security risks.
Capability Assessment
Purpose & Capability
Name/description imply a token/429 prevention engine and the included TokenGuard class does implement basic TPM/RPM checks and atomic state writes, which aligns with the stated purpose. However SKILL.md advertises multiple features (duplicate detection, response caching, 429 parser, record_usage/cache_response/record_429 methods, auto model fallback chains, etc.) that are not implemented in scripts/token_guard.py. That mismatch means the skill does not actually provide many of the advertised capabilities.
Instruction Scope
SKILL.md usage examples instruct callers to call guard.record_usage(...), guard.cache_response(...), guard.record_429(...), and other methods, but the code only exposes TokenGuard.check_quota(...) and no record/cache methods. The instructions therefore direct an agent/developer to call non-existent APIs, which will cause runtime errors or undefined behavior. The README also claims duplicate detection and caching, but the code does not store prompts or responses or implement duplicate blocking — so the runtime scope described is inaccurate.
Install Mechanism
No install spec is provided (instruction-only skill with a single script). No external downloads or package installs are required, which minimizes install-time risk.
Credentials
The skill requests no environment variables or credentials and the code does not read environment variables, secrets, or network endpoints. It does write a local state file but does not log prompt contents or responses, so credential or prompt exfiltration is not apparent.
Persistence & Privilege
TokenGuard writes a state.json file by default into a directory computed relative to the script (base_dir = two directories above the script). That creates persistent state on disk (usage counts, request counts, window_start). This is expected for quota tracking but you should note where files will be written and whether that location is writable or appropriate. always:false and no special privileges requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install token-guard
  3. After installation, invoke the skill by name or use /token-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.0
Added Atomic Write (file corruption protection), In-Memory Caching (IO boost), and RPM Rate Limiting.
v1.1.0
Improved resilience against network retries and fixed infinite hang issue by allowing non-cached duplicates to proceed with a warning. Increased duplicate threshold from 3 to 5.
v1.0.0
Initial release: pre-flight token estimation, quota tracking, duplicate detection, auto model fallback, 429 parser. Zero dependencies. Bootstrap compatible.
Metadata
Slug token-guard
Version 1.5.0
License
All-time Installs 6
Active Installs 5
Total Versions 3
Frequently Asked Questions

What is Token Guard?

Prevents LLM API 429 errors by estimating tokens, tracking quotas, throttling requests, detecting duplicates, caching responses, and auto-fallback by model. It is an AI Agent Skill for Claude Code / OpenClaw, with 930 downloads so far.

How do I install Token Guard?

Run "/install token-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Token Guard free?

Yes, Token Guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Token Guard support?

Token Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Token Guard?

It is built and maintained by edmonddantesj (@edmonddantesj); the current version is v1.5.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments