โ† Back to Skills Marketplace
satnamra

Oktk

by satnamra ยท GitHub โ†— ยท v2.4.0
cross-platform โš  suspicious
1122
Downloads
0
Stars
0
Active Installs
12
Versions
Install in OpenClaw
/install oktk
Description
LLM Token Optimizer - Reduce AI API costs by 60-90%. Compresses CLI outputs (git, docker, kubectl) before sending to GPT-4/Claude. AI auto-learning included. By Buba Draugelis ๐Ÿ‡ฑ๐Ÿ‡น
Usage Guidance
This skill appears to implement what it claims (compress CLI outputs) but it also stores persistent data and logs locally by default. Things to consider before installing: - It expects Node and contains a CLI; confirm whether the registry metadata (which omitted node) matches your install path. Ensure you run it with Node >=18 if you use the included scripts. - By default analytics and caching are enabled and write to ~/.oktk (savings.log, stats.json, cache/, learned/). If you don't want local telemetry, set OKTK_DISABLE=true and/or OKTK_DEBUG=0 before running, or inspect/clean ~/.oktk after testing. - The analytics sanitizes some secret patterns but may not catch all sensitive data; avoid piping extremely sensitive outputs (full tokens, secrets) through the filter until you review the code and test in an isolated environment. - The AI-learning feature creates learned-pattern files in your home (~/.oktk/learned) when enabled (OKTK_AI_LEARN=1). If you prefer no learning, keep it disabled. - Because the registry metadata and SKILL.md differ about required binaries/env, review package.json and scripts locally before trusting an automated install. Test the tool in a disposable environment (or a VM/container) to verify behavior and file writes. Overall: reasonable functionality but with privacy/persistence surprises and metadata inconsistencies โ€” review and test before enabling in production.
Capability Analysis
Type: OpenClaw Skill Name: oktk Version: 2.4.0 The skill bundle contains a critical shell injection vulnerability in `scripts/oktk.js`. The `oktk` script directly executes user-provided command strings via `child_process.execSync` without proper sanitization, allowing arbitrary command execution if a malicious input is provided to `oktk`. The `scripts/oktk-aliases.sh` also constructs commands in a way that can trigger this vulnerability. While this poses a severe Remote Code Execution risk, there is no evidence of intentional malicious behavior such as data exfiltration or persistence mechanisms; it appears to be an unintentional flaw in handling command arguments, classifying it as suspicious rather than malicious.
Capability Assessment
โ„น Purpose & Capability
The code implements filters/caching/analytics that align with the 'token optimizer' description. However SKILL.md declares node as a required binary while the registry metadata lists no required binaries โ€” an inconsistency. The presence of analytics, cache, and AI-learning subsystems is plausible for this tool but expands scope beyond a minimal 'output compressor' (it persists learning, stats, and cache).
โš  Instruction Scope
SKILL.md instructs users to pipe outputs and source shell aliases; that is expected. But runtime behavior (from implementation files) includes writing logs, stats, cache, and learned-pattern files under the user's home directory (~/.oktk) and reading/writing config there. Those file operations are not emphasized in the top-level SKILL.md metadata and the skill uses environment toggles (e.g., OKTK_DISABLE, OKTK_AI_LEARN) that are not declared in the registry metadata. The analytics system will record sanitized command lines locally by default, which is a privacy risk if you assume no persistent telemetry.
โ„น Install Mechanism
There is no install specification in the registry (instruction-only), yet the package contains an installable Node CLI (package.json, bin mapping) and many scripts. No remote downloads or external installers are used. The lack of an explicit install step in the registry vs. the presence of full code is an inconsistency to be aware of, but the code itself does not fetch arbitrary remote artifacts.
โš  Credentials
Registry metadata says no required env vars, but the code reads and respects multiple environment variables (OKTK_DISABLE, OKTK_CACHE_TTL, OKTK_CACHE_DIR, OKTK_LOG_FILE, OKTK_STATS_FILE, OKTK_DEBUG, OKTK_AI_LEARN, OKTK_AI_MODEL, etc.). Analytics is enabled by default unless explicitly disabled. The skill logs sanitized commands and metrics to files in the user's home โ€” this is more privileged than a simple stateless transformer and should be justified/consented to by the user.
โ„น Persistence & Privilege
The skill persists cache, analytics logs, stats, and learned patterns to ~/.oktk (and suggests a config file ~/.oktk/config.json). It does not request always:true or system-wide config changes and does not appear to modify other skills. Persistence to the home directory is expected for a tool with caching/analytics/learning, but users should know this creates local files that survive restarts.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install oktk
  3. After installation, invoke the skill by name or use /oktk
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.4.0
v2.4.0: Added shell aliases for auto-filtering (gst, dps, kpods, ok wrapper)
v2.3.1
Updated name with savings highlight
v2.3.0
Author: Buba Draugelis ๐Ÿค–๐Ÿ‡ฑ๐Ÿ‡น
v2.2.0
Security fix: Removed shell execution patterns (execSync, rm -rf). Uses safe fs methods and heuristics.
v2.1.1
Clean up name
v2.1.0
SEO update: Better discoverability for token optimization, reduce API costs, GPT-4/Claude
v2.0.1
Fix author email
v2.0.0
v2.0: Docker + Kubectl filters, AI auto-learning, Cost tracker. By Armantas Pranaitis.
v1.3.0
Renamed to AI Token Killer
v1.2.0
Renamed: Token Killer - by Armantas Pranaitis
v1.1.0
Clear documentation: explains the problem, solution, when/where/how it works with concrete examples
v1.0.0
Initial release: 60-90% token savings via smart filtering
Metadata
Slug oktk
Version 2.4.0
License โ€”
All-time Installs 0
Active Installs 0
Total Versions 12
Frequently Asked Questions

What is Oktk?

LLM Token Optimizer - Reduce AI API costs by 60-90%. Compresses CLI outputs (git, docker, kubectl) before sending to GPT-4/Claude. AI auto-learning included. By Buba Draugelis ๐Ÿ‡ฑ๐Ÿ‡น. It is an AI Agent Skill for Claude Code / OpenClaw, with 1122 downloads so far.

How do I install Oktk?

Run "/install oktk" in the OpenClaw or Claude Code chat to install it in one step โ€” no extra setup required.

Is Oktk free?

Yes, Oktk is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Oktk support?

Oktk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Oktk?

It is built and maintained by satnamra (@satnamra); the current version is v2.4.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
โฌ‡ 463283 ยท by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
โฌ‡ 259410 ยท by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
โฌ‡ 232503 ยท by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
โฌ‡ 200423 ยท by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
โฌ‡ 191113 ยท by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
โฌ‡ 190156 ยท by oswalpalash

๐Ÿ’ฌ Comments