satnamra

Oktk

Author: satnamra · GitHub · v2.4.0
cross-platform ⚠ suspicious
Total downloads: 1122
Favorites: 0
Current installs: 0
Versions: 12
Install in OpenClaw
/install oktk
Description
LLM Token Optimizer - Reduce AI API costs by 60-90%. Compresses CLI outputs (git, docker, kubectl) before sending to GPT-4/Claude. AI auto-learning included. By Buba Draugelis 🇱🇹
Security usage advice
This skill appears to implement what it claims (compress CLI outputs) but it also stores persistent data and logs locally by default. Things to consider before installing:
- It expects Node and contains a CLI; confirm whether the registry metadata (which omitted node) matches your install path. Ensure you run it with Node >=18 if you use the included scripts.
- By default analytics and caching are enabled and write to ~/.oktk (savings.log, stats.json, cache/, learned/). If you don't want local telemetry, set OKTK_DISABLE=true and/or OKTK_DEBUG=0 before running, or inspect/clean ~/.oktk after testing.
- The analytics sanitizes some secret patterns but may not catch all sensitive data; avoid piping extremely sensitive outputs (full tokens, secrets) through the filter until you review the code and test in an isolated environment.
- The AI-learning feature creates learned-pattern files in your home (~/.oktk/learned) when enabled (OKTK_AI_LEARN=1). If you prefer no learning, keep it disabled.
- Because the registry metadata and SKILL.md differ about required binaries/env, review package.json and scripts locally before trusting an automated install. Test the tool in a disposable environment (or a VM/container) to verify behavior and file writes.

Overall: reasonable functionality but with privacy/persistence surprises and metadata inconsistencies; review and test before enabling in production.
Functional analysis
Type: OpenClaw Skill
Name: oktk
Version: 2.4.0

The skill bundle contains a critical shell injection vulnerability in `scripts/oktk.js`. The `oktk` script directly executes user-provided command strings via `child_process.execSync` without proper sanitization, allowing arbitrary command execution if a malicious input is provided to `oktk`. The `scripts/oktk-aliases.sh` also constructs commands in a way that can trigger this vulnerability. While this poses a severe Remote Code Execution risk, there is no evidence of intentional malicious behavior such as data exfiltration or persistence mechanisms; it appears to be an unintentional flaw in handling command arguments, classifying it as suspicious rather than malicious.
Capability assessment
Purpose & Capability
The code implements filters/caching/analytics that align with the 'token optimizer' description. However SKILL.md declares node as a required binary while the registry metadata lists no required binaries — an inconsistency. The presence of analytics, cache, and AI-learning subsystems is plausible for this tool but expands scope beyond a minimal 'output compressor' (it persists learning, stats, and cache).
Instruction Scope
SKILL.md instructs users to pipe outputs and source shell aliases; that is expected. But runtime behavior (from implementation files) includes writing logs, stats, cache, and learned-pattern files under the user's home directory (~/.oktk) and reading/writing config there. Those file operations are not emphasized in the top-level SKILL.md metadata and the skill uses environment toggles (e.g., OKTK_DISABLE, OKTK_AI_LEARN) that are not declared in the registry metadata. The analytics system will record sanitized command lines locally by default, which is a privacy risk if you assume no persistent telemetry.
Install Mechanism
There is no install specification in the registry (instruction-only), yet the package contains an installable Node CLI (package.json, bin mapping) and many scripts. No remote downloads or external installers are used. The lack of an explicit install step in the registry vs. the presence of full code is an inconsistency to be aware of, but the code itself does not fetch arbitrary remote artifacts.
Credentials
Registry metadata says no required env vars, but the code reads and respects multiple environment variables (OKTK_DISABLE, OKTK_CACHE_TTL, OKTK_CACHE_DIR, OKTK_LOG_FILE, OKTK_STATS_FILE, OKTK_DEBUG, OKTK_AI_LEARN, OKTK_AI_MODEL, etc.). Analytics is enabled by default unless explicitly disabled. The skill logs sanitized commands and metrics to files in the user's home — this is more privileged than a simple stateless transformer and should be justified/consented to by the user.
Persistence & Privilege
The skill persists cache, analytics logs, stats, and learned patterns to ~/.oktk (and suggests a config file ~/.oktk/config.json). It does not request always:true or system-wide config changes and does not appear to modify other skills. Persistence to the home directory is expected for a tool with caching/analytics/learning, but users should know this creates local files that survive restarts.
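How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install oktk
  3. Once installation completes, invoke the Skill by name or trigger it with /oktk
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history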
v2.4.0
v2.4.0: Added shell aliases for auto-filtering (gst, dps, kpods, ok wrapper)
v2.3.1
Updated name with savings highlight
v2.3.0
Author: Buba Draugelis 🤖🇱🇹
v2.2.0
Security fix: Removed shell execution patterns (execSync, rm -rf). Uses safe fs methods and heuristics.
v2.1.1
Clean up name
v2.1.0
SEO update: Better discoverability for token optimization, reduce API costs, GPT-4/Claude
v2.0.1
Fix author email
v2.0.0
v2.0: Docker + Kubectl filters, AI auto-learning, Cost tracker. By Armantas Pranaitis.
v1.3.0
Renamed to AI Token Killer
v1.2.0
Renamed: Token Killer - by Armantas Pranaitis
v1.1.0
Clear documentation: explains the problem, solution, when/where/how it works with concrete examples
v1.0.0
Initial release: 60-90% token savings via smart filtering
Metadata
Slug oktk
Version 2.4.0
License
Total installs 0
Current installs 0
Number of versions 12
FAQ

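What is Oktk?

LLM Token Optimizer - Reduce AI API costs by 60-90%. Compresses CLI outputs (git, docker, kubectl) before sending to GPT-4/Claude. AI auto-learning included. By Buba Draugelis 🇱🇹. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 1122 times in total so far.

How do I install Oktk?

Run the command "/install oktk" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Oktk free?

Yes, Oktk is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Oktk support?

Oktk runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Oktk?

It is developed and maintained by satnamra (@satnamra); the current version is v2.4.0.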
