โ Back to Skills Marketplace
TokenSaver Korean
by
dorongss
ยท GitHub โ
ยท v2.0.0
ยท MIT-0
107
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install token-saver-korean
Description
๐ง ํ๊ตญ์ด Context DB for AI Agents โ ํ ํฐ 91% ์ ๊ฐ. ์๋ฒ ๋ฉ ์๋ฏธ ๊ฒ์, ์ค๋ณต ์๋ ๋ณํฉ, ๋ฉ๋ชจ๋ฆฌ ๊ณ์ธตํ(Hot/Warm/Cold), ์๋ ์์นด์ด๋ธ, WAL ํ๋กํ ์ฝ, ์ํฐํฐ ์ถ์ถ. Korean-first + English support.
Usage Guidance
This skill appears to implement what it claims, but exercise caution before installing or running it:
- Inspect and (if needed) remove or edit init_bora_context.py before running. It contains hard-coded Windows paths that read several workspace files and then save them into the memory DB; these files could contain sensitive info and will be sent (for embedding) to the external Fireworks API if a key is present.
- Only provide a FIREWORKS_API_KEY you trust. Treat that key as granting the embedding service access to any text you send.
- If you want to try the skill safely, run it in an isolated environment or test VM, and do not export your real workspace paths or secrets into that environment.
- Confirm you are happy with local storage of embeddings.json/wal.json and where client.save_memory persists data.
- The README contains an odd npm-related instruction for installing a Python packageโreview packaging/install steps carefully before copying files into ~/.openclaw or running automated install commands.
If you want higher assurance, ask the author for a version of the initializer that prompts before reading files or accepts explicit file paths, and a minimal README that documents exactly which local paths the skill will read and what data it will send to api.fireworks.ai.
Capability Analysis
Type: OpenClaw Skill
Name: token-saver-korean
Version: 2.0.0
The skill bundle contains a script, 'init_bora_context.py', which uses hardcoded absolute Windows file paths targeting a specific user's directory ('C:\Users\Roken\.openclaw\workspace\'). This script attempts to read sensitive agent files such as 'SOUL.md', 'IDENTITY.md', and 'USER.md' to ingest them into the TokenSaver database. While the core logic in 'token_saver/client.py' appears to be a legitimate context management tool using Fireworks AI for embeddings, the inclusion of environment-specific scripts that target sensitive identity files from a hardcoded local path is a high-risk behavior. There is no clear evidence of intentional exfiltration to an attacker-controlled domain, but the targeting of specific local files makes the bundle suspicious.
Capability Tags
Capability Assessment
Purpose & Capability
The declared purpose (Korean-first context DB with embedding search, dedup, tiers, WAL) aligns with the code and requirements: the client uses an embedding API and NLP libs (konlpy/nltk). Requesting FIREWORKS_API_KEY matches the EmbeddingManager which posts to api.fireworks.ai. However some README/installation hints (npm steps for an otherwise Python package) and the presence of a platform-specific initializer script suggest sloppy packaging or environment assumptions.
Instruction Scope
SKILL.md describes generic initialization and 'automatic workspace detection', but init_bora_context.py contains hard-coded Windows paths (C:\Users\Roken\.openclaw\workspace\...) and will read local files (MEMORY.md, USER.md, SOUL.md, AGENTS.md, IDENTITY.md) and then call client.save_memory() and generate embeddings. That means local workspace documents could be read and (via the embedding API) transmitted externally; this behavior is not explicitly surfaced in SKILL.md and is scope-creep from a user-perspective.
Install Mechanism
There is no remote download or opaque installer: dependencies are standard Python packages (konlpy, nltk) referenced in SKILL.md and pyproject. No suspicious external URL downloads or extract operations were found. The only network call in code is to the Fireworks embeddings endpoint which is expected for an embedding-based skill.
Credentials
Only FIREWORKS_API_KEY is required, which is proportionate to using an external embedding provider. However the key would be used to send content (possibly sensitive) to the fireworks.ai API; requiring a single embedding API key is reasonable but the combination with the initializer that reads local files increases the risk of unintended data transmission. No other unrelated secrets are requested.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide configs. It stores embeddings and some JSON files locally (embeddings.json, wal.json) which is expected for a local context DB. The initializer modifies/reads local workspace files only (no evidence of escalating privileges), but that local access is environment-specific and should be reviewed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install token-saver-korean - After installation, invoke the skill by name or use
/token-saver-korean - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
v2.0: ์๋ฒ ๋ฉ ์๋ฏธ ๊ฒ์, ์ค๋ณต ์๋ ๋ณํฉ, ๋ฉ๋ชจ๋ฆฌ ๊ณ์ธตํ(Hot/Warm/Cold), ์๋ ์์นด์ด๋ธ, ์ํฐํฐ ์ถ์ถ, nltk ์ง์
Metadata
Frequently Asked Questions
What is TokenSaver Korean?
๐ง ํ๊ตญ์ด Context DB for AI Agents โ ํ ํฐ 91% ์ ๊ฐ. ์๋ฒ ๋ฉ ์๋ฏธ ๊ฒ์, ์ค๋ณต ์๋ ๋ณํฉ, ๋ฉ๋ชจ๋ฆฌ ๊ณ์ธตํ(Hot/Warm/Cold), ์๋ ์์นด์ด๋ธ, WAL ํ๋กํ ์ฝ, ์ํฐํฐ ์ถ์ถ. Korean-first + English support. It is an AI Agent Skill for Claude Code / OpenClaw, with 107 downloads so far.
How do I install TokenSaver Korean?
Run "/install token-saver-korean" in the OpenClaw or Claude Code chat to install it in one step โ no extra setup required.
Is TokenSaver Korean free?
Yes, TokenSaver Korean is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TokenSaver Korean support?
TokenSaver Korean is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TokenSaver Korean?
It is built and maintained by dorongss (@dorongss); the current version is v2.0.0.
More Skills