← 返回 Skills 市场
whyhit2005

proxy-token-optimizer

作者 whyhit2005 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
253
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install proxy-token-optimizer
功能描述
Optimize LLM token usage and API costs for the openclaw-manager proxy platform. Provides model-tier routing (route simple prompts to glm-4.7-flashx instead o...
安全使用建议
This skill appears to do what it claims (routing, context optimization, heartbeat config, and DB-backed usage reports) but there are red flags you should address before enabling it widely: - always: true is set. That forces this skill into every agent run. Remove or justify always: true unless you need the skill globally; prefer explicit invocation. - The platform-side scripts import app.database and app.settings and will query PostgreSQL. That requires running inside the openclaw-manager environment with DB credentials present — but the skill does not declare these credentials or config paths. Treat DB access as sensitive: require explicit user consent before running those commands and restrict where the skill can run. - If you plan to use the usage_report/quota_advisor features, run them manually from the openclaw-manager project root in a controlled environment first. Inspect the queries and ensure they only read required tables/columns and that the DB user has least privilege. - Because the skill writes files (AGENTS.md.optimized and other patches), review generated output before applying it to production configs. - If you enable autonomous invocation, restrict the skill's triggers or remove always: true; otherwise the agent may call into code that touches your DB without explicit operator confirmation. Bottom line: the code is coherent with the stated purpose, but the combination of always: true + undeclared DB access is disproportionate and worth fixing before installation.
功能分析
Type: OpenClaw Skill Name: proxy-token-optimizer Version: 1.0.1 The skill bundle provides legitimate LLM cost-optimization tools but includes high-risk capabilities, such as direct access to the platform's PostgreSQL database to query sensitive usage records in 'usage_report.py' and 'quota_advisor.py'. It also utilizes the 'always: true' metadata flag in 'SKILL.md', which allows the skill to intercept and modify the agent's behavior for every prompt. While the code appears well-written and lacks clear evidence of malicious intent or data exfiltration, the combination of broad database access and persistent prompt-level interception meets the threshold for a suspicious classification.
能力评估
Purpose & Capability
The name/description align with the included scripts: model routing, context lazy-loading, heartbeat patch generation, and PostgreSQL-backed usage reports. However, the skill includes platform-side code that expects an openclaw-manager runtime (DB/session/settings) but the skill declares no required environment variables or config paths to indicate that database credentials or project context are needed.
Instruction Scope
SKILL.md and the scripts instruct the agent/operator to query the usage_records PostgreSQL table and import app.database/app.settings when running platform-side reports. The README also directs automatic use 'whenever the user mentions token optimization', which combined with always: true grants broad discretionary invocation. The instructions do not explicitly require user confirmation before running DB queries or clarify which commands require elevated access.
Install Mechanism
There is no install spec (instruction-only install), so nothing is fetched from external URLs or installed automatically. All code ships inside the skill bundle; this is low-install risk.
Credentials
Platform-side scripts need access to the project's DB/session and settings (they import app.database and app.settings), which implies database credentials/config are required. The skill declares no required env vars or config paths (primaryEnv is none). This is a mismatch: the skill will only work if run within the openclaw-manager environment, and the lack of explicit credential/config requirements obscures the fact that it may access sensitive DB records.
Persistence & Privilege
The skill metadata sets always: true (force-included in every agent run). That is a significant privilege here because the skill contains code capable of querying local project databases. Always-enabled combined with potential autonomous invocation increases the blast radius; the SKILL.md's broad trigger rules strengthen the concern because the skill could be invoked in many contexts without explicit user intent.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install proxy-token-optimizer
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /proxy-token-optimizer 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added SKILL metadata: now always active for openclaw-manager via `"openclaw": {"always": true}`. - Included new project files: CHANGELOG.md, README.md, SECURITY.md, .clawhubsafe, and others. - No functional changes to optimization logic or documentation content.
v1.0.0
Initial release: Proxy Token Optimizer for openclaw-manager - Adds model-tier routing to automatically use the cheapest LLM model capable of handling each prompt. - Implements heartbeat call optimization: routes to the cheapest model and configures longer heartbeat intervals to reduce costs. - Introduces context lazy loading to load only necessary context files based on prompt complexity, minimizing unnecessary token usage. - Provides platform-level usage analytics and real-time quota-matching advice using actual data from PostgreSQL. - Includes a unified CLI covering model routing, context optimization, heartbeat configuration, usage reports, and quota analysis.
元数据
Slug proxy-token-optimizer
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

proxy-token-optimizer 是什么?

Optimize LLM token usage and API costs for the openclaw-manager proxy platform. Provides model-tier routing (route simple prompts to glm-4.7-flashx instead o... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 253 次。

如何安装 proxy-token-optimizer?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install proxy-token-optimizer」即可一键安装,无需额外配置。

proxy-token-optimizer 是免费的吗?

是的,proxy-token-optimizer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

proxy-token-optimizer 支持哪些平台?

proxy-token-optimizer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 proxy-token-optimizer?

由 whyhit2005(@whyhit2005)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论