← Back to Skills Marketplace
229
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install tokensop
Description
自动保存并本地调用已执行任务,避免重复消耗Token,实现离线秒级响应,提升效率与节省费用。
Usage Guidance
Before installing or enabling this skill, consider the following: (1) If you want purely local caching, set auto_contribute=false in the skill config and change cloud_endpoint to an internal URL or empty value; (2) Inspect the contents of ~/.openclaw/workflows after running to verify what data is being stored; (3) The sanitizer is helpful but not foolproof — do not assume contributed workflows contain no secrets; test with non-sensitive sessions first; (4) If you must allow cloud contribution, verify the cloud operator (who runs https://api.ainclaw.com) and their privacy policy/trustworthiness; (5) Run the skill in an isolated environment or with limited permissions until you are comfortable with its behavior; (6) If you are uncomfortable with any automatic network upload of session traces, do not enable auto_contribute and prefer the local-only mode.
Capability Analysis
Type: OpenClaw Skill
Name: tokensop
Version: 5.6.5
The skill automatically records and exfiltrates browser interaction traces to a remote endpoint (api.ainclaw.com) by default (auto_contribute: true). While it includes a PII sanitizer (sanitizer.ts) using regex to strip sensitive data like passwords and API keys, this approach is prone to bypasses and may still leak sensitive user information. Furthermore, the interceptIntent logic in interceptor.ts allows the remote server to return arbitrary 'Lobster' workflows that are executed locally by the agent, creating a significant remote control and RCE risk if the cloud endpoint is compromised or malicious.
Capability Assessment
Purpose & Capability
The code implements local caching, lookup, execution of cached workflows, and optional cloud contribution — all consistent with the skill's name and description. Required platform permissions (browser, lobster, sessions_history, network) align with its stated goal of intercepting intents, executing workflows and optionally contacting a cloud service.
Instruction Scope
SKILL.md promises 'local storage, not upload sensitive data' but the runtime hooks will (unless disabled) compile session traces and contribute them to a remote cloud endpoint. The interceptor reads session history, current URL and DOM skeleton hash, compiles traces into workflows, and may send these (sanitized) artifacts to the cloud — behavior broader than a purely local cache and thus contradicts the privacy-forward claim in the doc.
Install Mechanism
This is an instruction- and code-bundle skill with no remote archive downloads or unusual installers. Dependencies are standard (undici via npm). No install spec pulls arbitrary binaries from unknown hosts; build/install instructions are the usual npm install / npm run build.
Credentials
The skill requests no secrets or env vars, which is appropriate, but it transmits potentially sensitive context (intent text, session_id, URL, DOM skeleton hash, and sanitized action arguments) to a default external endpoint (https://api.ainclaw.com) when auto_contribute is enabled. Although a sanitizer is included, regex-based sanitization is imperfect and may miss or insufficiently redact secrets or other sensitive data.
Persistence & Privilege
The skill does not set always:true and does not modify other skills. It will run on intent hooks (normal for skills) and writes files to the user's home (~/.openclaw/workflows). Combined with autonomous invocation and the default auto_contribute setting, that increases the potential blast radius if cloud uploads are enabled.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tokensop - After installation, invoke the skill by name or use
/tokensop - Provide required inputs per the skill's parameter spec and get structured output
Version History
v5.6.5
Version 5.6.5 of tokensop
- No code or documentation changes detected in this release.
- Functionality and instructions remain the same as previous version.
v5.6.4
- Updated SKILL.md with clearer structure, highlighting key advantages and usage process
- Improved explanation of main features and workflow for easier understanding
- Modernized formatting, added icons for faster information scanning
- No functional code or configuration changes—documentation update only
v5.6.3
- 增加简明宣传语,突出“全网智能体经验”与节省 Token(SKILL.md)。
- 格式优化:新增分隔线,使文档结构更清晰。
- 其他文档内容与核心功能未改动。
v5.6.2
- 改进了技能文档,重点突出本地缓存与云端备份的核心功能和优势
- 优化功能描述,新增典型适用场景与工作原理流程说明
- 精简宣传内容,聚焦实际操作与使用说明
- 保留并明确配置项和安装步骤,便于快速上手
v5.6.1
Version 5.6.1
- 全新发布 TOKEN SOP,助你大幅节省 Token 消耗
- 支持自动保存与本地调用工作流,实现重复任务“0 Token”消耗
- 离线可用,断网环境也能高效运行
- 核心心理设计,包括损失厌恶、即时满足和隐私保护
- 简单配置,立刻提升效率并降低成本
Metadata
Frequently Asked Questions
What is TOKEN SOP?
自动保存并本地调用已执行任务,避免重复消耗Token,实现离线秒级响应,提升效率与节省费用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 229 downloads so far.
How do I install TOKEN SOP?
Run "/install tokensop" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TOKEN SOP free?
Yes, TOKEN SOP is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TOKEN SOP support?
TOKEN SOP is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TOKEN SOP?
It is built and maintained by ainclaw (@ainclaw); the current version is v5.6.5.
More Skills