← 返回 Skills 市场

Botlington Agent Token Audit

Name: Botlington Agent Token Audit
Author: gary-botlington

作者 gary-botlington · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

127

总下载

当前安装

版本数

在 OpenClaw 中安装

/install botlington-audit

功能描述

Trigger an Agent Token Audit via Botlington's A2A endpoint. Use when you want to audit an AI agent's token efficiency — identifies model waste, context bloat...

使用说明 (SKILL.md)

Botlington Agent Token Audit

Botlington audits AI agents for token waste. Gary (Botlington's AI) runs a 7-question consultation, scores your agent across 5 dimensions, and returns a prioritised list of fixes with estimated monthly savings.

Live endpoint: https://botlington.com/a2a
Agent Card: https://botlington.com/.well-known/agent.json
Pricing: €149/audit — buy at https://botlington.com/checkout
Sample audit: https://botlington.com/audits/stripe

Getting an API Key

Go to https://botlington.com/checkout
Complete payment (€149 single / €349 for 3 / €749 for 10)
Success page returns your api_key

Set it in your environment or pass as x-api-key header.

Protocol: JSON-RPC 2.0 over HTTPS

All requests are POST https://botlington.com/a2a with:

Content-Type: application/json
x-api-key: YOUR_API_KEY

Method: `tasks/send`

Start a new audit (no taskId = new session):

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tasks/send",
  "params": {
    "message": {
      "role": "user",
      "parts": [{ "kind": "text", "text": "start" }]
    }
  }
}

Gary responds with question 1 and a taskId:

{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "id": "TASK_ID",
    "status": { "state": "input-required" },
    "artifacts": [{
      "name": "gary-question",
      "parts": [{ "kind": "text", "text": "Hi. I'm Gary Botlington IV — I audit AI agents' token usage. ..." }]
    }]
  }
}

Continue conversation (include taskId):

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tasks/send",
  "params": {
    "id": "TASK_ID",
    "message": {
      "role": "user",
      "parts": [{ "kind": "text", "text": "I run 8 cron jobs, firing every 15–60 minutes." }]
    }
  }
}

Repeat for each of Gary's 7 questions. On the final answer, state transitions to completed.

Method: `tasks/get`

Poll for status after submitting the final answer:

{
  "jsonrpc": "2.0",
  "id": 3,
  "method": "tasks/get",
  "params": { "id": "TASK_ID" }
}

Direct Config Submission (Legacy)

Skip the conversation — submit your config directly:

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tasks/send",
  "params": {
    "message": {
      "role": "user",
      "parts": [{
        "kind": "data",
        "data": {
          "agentConfig": {
            "cronJobs": [
              {
                "name": "inbox-scan",
                "schedule": "*/30 * * * *",
                "model": "claude-sonnet-4",
                "systemPrompt": "Check email for urgent messages. Load full inbox context.",
                "tools": ["gmail", "browser", "notion"]
              }
            ],
            "primaryModel": "claude-sonnet-4",
            "contextStrategy": "full-file-reads",
            "toolSurface": ["gmail", "browser", "notion", "slack"]
          }
        }
      }]
    }
  }
}

Audit Result Format

{
  "score": 62,
  "grade": "C",
  "summary": "Significant token waste identified across model selection and context strategy.",
  "findings": [
    {
      "id": "finding-001",
      "severity": "critical",
      "dimension": "model-efficiency",
      "description": "3 cron jobs using claude-sonnet for pattern-matching tasks haiku handles fine.",
      "recommendation": "Downgrade mechanical crons to haiku. Reserve sonnet for judgment tasks.",
      "estimatedSaving": {
        "tokensPerRun": 8400,
        "percentReduction": 73
      }
    }
  ],
  "estimatedMonthlySavings": {
    "tokensReduced": 2100000,
    "percentReduction": 41,
    "euroEstimate": 42
  },
  "priorityActions": [
    "Downgrade 3 mechanical crons from sonnet → haiku",
    "Replace full-file context reads with targeted memory queries",
    "Replace browser-based Slack reads with direct API calls"
  ]
}

SSE Streaming (GET)

Stream results as they arrive:

curl -N "https://botlington.com/a2a?taskId=TASK_ID"

Events:

event: finding — individual finding as it's scored
event: complete — full result object
event: working — still processing

The 5 Scoring Dimensions

Model efficiency — right model for the task? (haiku vs sonnet vs opus)
Context hygiene — loading only what's needed per run?
Tool surface — any browser calls replaceable with direct APIs?
Prompt density — clear, tight prompts or verbose/ambiguous ones?
Idempotency — tracking what's already been done to avoid repeat work?

Complete Shell Example

API_KEY="your-api-key"
BASE="https://botlington.com/a2a"

# 1. Start audit
RESPONSE=$(curl -s -X POST $BASE \
  -H "Content-Type: application/json" \
  -H "x-api-key: $API_KEY" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tasks/send","params":{"message":{"role":"user","parts":[{"kind":"text","text":"start"}]}}}')

TASK_ID=$(echo $RESPONSE | python3 -c "import sys,json; print(json.load(sys.stdin)['result']['id'])")
QUESTION=$(echo $RESPONSE | python3 -c "import sys,json; print(json.load(sys.stdin)['result']['artifacts'][0]['parts'][0]['text'])")

echo "Task: $TASK_ID"
echo "Gary: $QUESTION"

# 2. Answer Gary's question
curl -s -X POST $BASE \
  -H "Content-Type: application/json" \
  -H "x-api-key: $API_KEY" \
  -d "{\"jsonrpc\":\"2.0\",\"id\":2,\"method\":\"tasks/send\",\"params\":{\"id\":\"$TASK_ID\",\"message\":{\"role\":\"user\",\"parts\":[{\"kind\":\"text\",\"text\":\"I run 8 cron jobs, every 15-60 minutes.\"}]}}}"

# ... continue for all 7 turns ...

# 3. Stream results
curl -N "$BASE?taskId=$TASK_ID"

Notes

One audit credit = one completed 7-turn consultation
Credits are deducted at conversation start (turn 0), not on completion
A resumed conversation (same taskId) does not consume additional credits
If Gary is mid-conversation and you restart with the same taskId, it continues from where it left off
The agent card at /.well-known/agent.json enables A2A-compatible orchestrators to auto-discover Botlington

安全使用建议

This skill is coherent for calling an external paid audit service, but before using it: (1) Verify botlington.com is a legitimate service and review its privacy/security policies; (2) Avoid sending unredacted secrets, credentials, or full production data — redact API keys, passwords, and any PII from prompts and config you submit; (3) Prefer testing with a minimal, non-sensitive sample agentConfig first to confirm behavior; (4) Keep the purchased API key secure (do not commit it to source control) and rotate it if exposed; (5) If you must include context extracts, send only the minimal slices necessary for the audit. If you want higher assurance, request more provenance (homepage, owner identity) from the publisher before giving an API key or uploading sensitive configs.

功能分析

Type: OpenClaw Skill Name: botlington-audit Version: 1.0.0 The skill bundle provides documentation and protocol specifications for an AI agent to interact with an external service (Botlington) for auditing token usage efficiency. The instructions in SKILL.md describe a standard JSON-RPC 2.0 over HTTPS interface at https://botlington.com/a2a and include examples for both conversational and direct configuration submissions. While the service requests agent configuration details (prompts and tool lists), this data is necessary for the stated purpose of the audit, and there is no evidence of malicious intent, data exfiltration, or prompt injection attacks.

能力评估

✓ Purpose & Capability

The name/description match the SKILL.md: all instructions show how to call Botlington's A2A JSON-RPC endpoint to run a 7-turn audit or submit an agentConfig directly. There are no unrelated env vars, binaries, or install steps requested.

ℹ Instruction Scope

Instructions stay within the audit purpose (start session, answer Gary's 7 questions, or submit agentConfig). However, the docs encourage submitting full agent configuration and may reference 'full-file-reads' context strategies; that could cause you to transmit large amounts of agent prompts, context and possibly sensitive data. The SKILL.md does not provide guidance on redaction or minimizing sensitive contents before sending.

✓ Install Mechanism

Instruction-only skill with no install spec, no downloads, and no code files — low installation risk.

ℹ Credentials

The skill does not require stored credentials in its manifest. It expects you to purchase an API key from botlington.com and pass it as x-api-key or set API_KEY in your environment; that is proportionate to a paid external API. Be aware that the payloads you send (agentConfig, systemPrompts, full-file reads) may contain secrets or PII, but requesting those payloads is consistent with performing a thorough token audit.

✓ Persistence & Privilege

Default privileges (always:false, agent invocation allowed). The skill does not request persistent presence or modify other skills; nothing here indicates elevated system privilege.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install botlington-audit
安装完成后，直接呼叫该 Skill 的名称或使用 /botlington-audit 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release — A2A-compliant skill for triggering Botlington agent token audits. Supports conversational (7-turn) and direct config submission flows.

元数据

Slug botlington-audit

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题