← Back to Skills Marketplace
Tokenguard Pro
by
sammy-the-bot
· GitHub ↗
· v1.0.0
· MIT-0
285
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install tokenguard-pro
Description
Token cost optimizer for OpenClaw agents. Scan usage patterns, identify waste (excessive context, repeated queries, inefficient tool use), and get actionable...
Usage Guidance
Do not install or run this skill yet. Key issues to resolve with the publisher: (1) Provide the actual tokenguard-analyze executable/script and full source so you can review it; (2) Explain exactly which OpenClaw log files/paths it reads and why no config paths were declared; (3) Justify the additional required binary 'bc' listed in clawhub.yaml and reconcile bins across files; (4) Remove or explain the proposed symlink to /usr/local/bin (system-level install) or provide an alternative installation method and an integrity-checked release (e.g., GitHub release). If you must test, run in a restricted sandbox or VM, and inspect the tokenguard-analyze script contents before granting filesystem write or log read permissions. Be especially cautious because session logs can contain API keys and sensitive data — ensure the tool will not send logs to external endpoints without explicit, auditable consent.
Capability Analysis
Type: OpenClaw Skill
Name: tokenguard-pro
Version: 1.0.0
The skill bundle describes a legitimate utility for analyzing AI token usage and providing cost-optimization recommendations. The documentation (SKILL.md, README.md) and configuration files (clawhub.yaml, package.json) are consistent with the stated purpose of processing session logs to identify inefficiencies like context bloat and model mismatches. No malicious code, data exfiltration patterns, or prompt injection attacks were identified in the provided files. While the core script 'tokenguard-analyze' was not included in the provided text, the metadata and instructions show no signs of harmful intent or unauthorized behavior.
Capability Assessment
Purpose & Capability
The stated purpose is to analyze OpenClaw session logs. That legitimately requires a binary/script to parse logs and read log files. However the published package does not include the claimed executable (tokenguard-analyze is referenced in README, package.json, and clawhub.yaml but is not present in the file list). clawhub.yaml also adds 'bc' to required bins while SKILL.md and registry metadata list only bash and jq. These inconsistencies indicate the manifest and files do not align with the described capability.
Instruction Scope
SKILL.md repeatedly says the tool 'requires access to OpenClaw session logs' and instructs running tokenguard-analyze to scan logs, but the SKILL.md does not declare where logs live, which config paths to read, or how to authenticate to them. The skill does not declare any required config paths or environment variables even though analyzing session logs often requires filesystem or storage access (and logs can contain sensitive tokens). The instructions therefore ask for sensitive data access without describing or declaring it.
Install Mechanism
Registry summary indicated 'No install spec', but clawhub.yaml contains an install step that would symlink tokenguard-analyze to /usr/local/bin (a system path). That operation is potentially privileged and the executable referenced is missing. package.json also lists a bin and preferGlobal: true, implying a global install. The presence of an install directive that writes into /usr/local/bin combined with missing executable is an incoherence and a security risk if the real install were provided without review.
Credentials
The skill declares no required environment variables or config paths, yet its function explicitly needs access to session logs. This omission is disproportionate: either the skill should declare specific log paths/credentials, or it cannot perform its stated function. There are no explicit credentials requested, which reduces some risk, but log access may implicitly expose API keys and other secrets if not scoped and documented.
Persistence & Privilege
always:false and user-invocable:true (normal). However the packaged metadata implies creating a symlink into /usr/local/bin and global installation preference — that would give persistent system-level presence and requires elevated file-system write access. Because the file that would be installed is missing, this is currently an unresolved inconsistency rather than a confirmed privilege escalation, but it should be treated cautiously.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tokenguard-pro - After installation, invoke the skill by name or use
/tokenguard-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
tokenguard-pro 1.0.0 – Initial Release
- Launches TokenGuard Pro: an OpenClaw agent token cost optimizer.
- Scans session logs to identify waste (oversized context, repeated queries, inefficient tool use).
- Provides actionable recommendations and projected cost savings.
- Designed for high-volume API users (>$100/month).
- CLI supports customizable analysis and report export.
- Read-only, safe to use alongside existing controls and dashboards.
Metadata
Frequently Asked Questions
What is Tokenguard Pro?
Token cost optimizer for OpenClaw agents. Scan usage patterns, identify waste (excessive context, repeated queries, inefficient tool use), and get actionable... It is an AI Agent Skill for Claude Code / OpenClaw, with 285 downloads so far.
How do I install Tokenguard Pro?
Run "/install tokenguard-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Tokenguard Pro free?
Yes, Tokenguard Pro is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Tokenguard Pro support?
Tokenguard Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Tokenguard Pro?
It is built and maintained by sammy-the-bot (@sammy-the-bot); the current version is v1.0.0.
More Skills