← Back to Skills Marketplace
whyhit2005

proxy-token-optimizer

by whyhit2005 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
253
Downloads
1
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install proxy-token-optimizer
Description
Optimize LLM token usage and API costs for the openclaw-manager proxy platform. Provides model-tier routing (route simple prompts to glm-4.7-flashx instead o...
Usage Guidance
This skill appears to do what it claims (routing, context optimization, heartbeat config, and DB-backed usage reports) but there are red flags you should address before enabling it widely: - always: true is set. That forces this skill into every agent run. Remove or justify always: true unless you need the skill globally; prefer explicit invocation. - The platform-side scripts import app.database and app.settings and will query PostgreSQL. That requires running inside the openclaw-manager environment with DB credentials present — but the skill does not declare these credentials or config paths. Treat DB access as sensitive: require explicit user consent before running those commands and restrict where the skill can run. - If you plan to use the usage_report/quota_advisor features, run them manually from the openclaw-manager project root in a controlled environment first. Inspect the queries and ensure they only read required tables/columns and that the DB user has least privilege. - Because the skill writes files (AGENTS.md.optimized and other patches), review generated output before applying it to production configs. - If you enable autonomous invocation, restrict the skill's triggers or remove always: true; otherwise the agent may call into code that touches your DB without explicit operator confirmation. Bottom line: the code is coherent with the stated purpose, but the combination of always: true + undeclared DB access is disproportionate and worth fixing before installation.
Capability Analysis
Type: OpenClaw Skill Name: proxy-token-optimizer Version: 1.0.1 The skill bundle provides legitimate LLM cost-optimization tools but includes high-risk capabilities, such as direct access to the platform's PostgreSQL database to query sensitive usage records in 'usage_report.py' and 'quota_advisor.py'. It also utilizes the 'always: true' metadata flag in 'SKILL.md', which allows the skill to intercept and modify the agent's behavior for every prompt. While the code appears well-written and lacks clear evidence of malicious intent or data exfiltration, the combination of broad database access and persistent prompt-level interception meets the threshold for a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description align with the included scripts: model routing, context lazy-loading, heartbeat patch generation, and PostgreSQL-backed usage reports. However, the skill includes platform-side code that expects an openclaw-manager runtime (DB/session/settings) but the skill declares no required environment variables or config paths to indicate that database credentials or project context are needed.
Instruction Scope
SKILL.md and the scripts instruct the agent/operator to query the usage_records PostgreSQL table and import app.database/app.settings when running platform-side reports. The README also directs automatic use 'whenever the user mentions token optimization', which combined with always: true grants broad discretionary invocation. The instructions do not explicitly require user confirmation before running DB queries or clarify which commands require elevated access.
Install Mechanism
There is no install spec (instruction-only install), so nothing is fetched from external URLs or installed automatically. All code ships inside the skill bundle; this is low-install risk.
Credentials
Platform-side scripts need access to the project's DB/session and settings (they import app.database and app.settings), which implies database credentials/config are required. The skill declares no required env vars or config paths (primaryEnv is none). This is a mismatch: the skill will only work if run within the openclaw-manager environment, and the lack of explicit credential/config requirements obscures the fact that it may access sensitive DB records.
Persistence & Privilege
The skill metadata sets always: true (force-included in every agent run). That is a significant privilege here because the skill contains code capable of querying local project databases. Always-enabled combined with potential autonomous invocation increases the blast radius; the SKILL.md's broad trigger rules strengthen the concern because the skill could be invoked in many contexts without explicit user intent.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install proxy-token-optimizer
  3. After installation, invoke the skill by name or use /proxy-token-optimizer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added SKILL metadata: now always active for openclaw-manager via `"openclaw": {"always": true}`. - Included new project files: CHANGELOG.md, README.md, SECURITY.md, .clawhubsafe, and others. - No functional changes to optimization logic or documentation content.
v1.0.0
Initial release: Proxy Token Optimizer for openclaw-manager - Adds model-tier routing to automatically use the cheapest LLM model capable of handling each prompt. - Implements heartbeat call optimization: routes to the cheapest model and configures longer heartbeat intervals to reduce costs. - Introduces context lazy loading to load only necessary context files based on prompt complexity, minimizing unnecessary token usage. - Provides platform-level usage analytics and real-time quota-matching advice using actual data from PostgreSQL. - Includes a unified CLI covering model routing, context optimization, heartbeat configuration, usage reports, and quota analysis.
Metadata
Slug proxy-token-optimizer
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is proxy-token-optimizer?

Optimize LLM token usage and API costs for the openclaw-manager proxy platform. Provides model-tier routing (route simple prompts to glm-4.7-flashx instead o... It is an AI Agent Skill for Claude Code / OpenClaw, with 253 downloads so far.

How do I install proxy-token-optimizer?

Run "/install proxy-token-optimizer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is proxy-token-optimizer free?

Yes, proxy-token-optimizer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does proxy-token-optimizer support?

proxy-token-optimizer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created proxy-token-optimizer?

It is built and maintained by whyhit2005 (@whyhit2005); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments