Token Guard
Author: edmonddantesj · GitHub · v1.5.0
Total downloads: 930
Favorites: 0
Current installs: 5
Versions: 3
Install in OpenClaw
/install token-guard
Description
Prevents LLM API 429 errors by estimating tokens, tracking quotas, throttling requests, detecting duplicates, caching responses, and auto-fallback by model.
Security usage recommendations
Summary of things to consider before installing:
- The implementation and documentation disagree. SKILL.md promises caching, duplicate detection, record_usage/cache_response/record_429 helpers and richer behavior; the shipped script only provides TokenGuard.check_quota(...) and saves simple usage/request counters. If you rely on the advertised APIs they will fail. Ask the author for a matching release or updated code.
- The script writes a state.json file (usage counters and timestamps) into the skill's base directory by default. This is normal for quota tracking but confirm the path is acceptable and writable in your environment if you care about where files are stored.
- There are no network calls, no environment variables read, and no obvious exfiltration of prompts/responses in the code. That reduces risk, but the mismatch between docs and code is a functional risk: an agent expecting missing methods may error or behave unpredictably.
- Recommended actions: (1) run the script in a sandboxed environment to verify behavior, (2) request a corrected SKILL.md or an updated script implementing the advertised features (or modify the agent to only call check_quota), and (3) inspect/monitor the created state.json while testing to ensure no sensitive data is written. If you need the advertised caching/duplicate-detection, do not deploy this version until those features are implemented.
Functional analysis
Type: OpenClaw Skill
Name: token-guard
Version: 1.5.0
The OpenClaw skill 'token-guard' is designed to prevent LLM API rate limits by tracking token usage and throttling requests. The `SKILL.md` documentation clearly outlines its purpose and features without containing any prompt injection attempts. The `scripts/token_guard.py` implementation uses standard Python libraries, manages its state locally via an atomically written `state.json` file, and does not perform any network calls, execute arbitrary commands, or access sensitive user data. While the 'compaction' logic could be manipulated by an agent to bypass quota limits for specific prompts, this is a functional bypass of the quota system, not a security vulnerability leading to RCE or data exfiltration. The skill aligns with its stated purpose and lacks any indicators of malicious intent or significant security risks.
Capability assessment
Purpose & Capability
Name/description imply a token/429 prevention engine and the included TokenGuard class does implement basic TPM/RPM checks and atomic state writes, which aligns with the stated purpose. However SKILL.md advertises multiple features (duplicate detection, response caching, 429 parser, record_usage/cache_response/record_429 methods, auto model fallback chains, etc.) that are not implemented in scripts/token_guard.py. That mismatch means the skill does not actually provide many of the advertised capabilities.
Instruction Scope
SKILL.md usage examples instruct callers to call guard.record_usage(...), guard.cache_response(...), guard.record_429(...), and other methods, but the code only exposes TokenGuard.check_quota(...) and no record/cache methods. The instructions therefore direct an agent/developer to call non-existent APIs, which will cause runtime errors or undefined behavior. The README also claims duplicate detection and caching, but the code does not store prompts or responses or implement duplicate blocking — so the runtime scope described is inaccurate.
Install Mechanism
No install spec is provided (instruction-only skill with a single script). No external downloads or package installs are required, which minimizes install-time risk.
Credentials
The skill requests no environment variables or credentials and the code does not read environment variables, secrets, or network endpoints. It does write a local state file but does not log prompt contents or responses, so credential or prompt exfiltration is not apparent.
Persistence & Privilege
TokenGuard writes a state.json file by default into a directory computed relative to the script (base_dir = two directories above the script). That creates persistent state on disk (usage counts, request counts, window_start). This is expected for quota tracking but you should note where files will be written and whether that location is writable or appropriate. always:false and no special privileges requested.
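How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install token-guard
- After installation completes, call the Skill by name or use /token-guard to trigger it
- Provide the required input according to the Skill's parameter description to get structured output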
Version history
v1.5.0
Added Atomic Write (file corruption protection), In-Memory Caching (IO boost), and RPM Rate Limiting.
v1.1.0
Improved resilience against network retries and fixed infinite hang issue by allowing non-cached duplicates to proceed with a warning. Increased duplicate threshold from 3 to 5.
v1.0.0
Initial release: pre-flight token estimation, quota tracking, duplicate detection, auto model fallback, 429 parser. Zero dependencies. Bootstrap compatible.
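FAQ
What is Token Guard?
Prevents LLM API 429 errors by estimating tokens, tracking quotas, throttling requests, detecting duplicates, caching responses, and auto-fallback by model. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 930 cumulative downloads to date.
How do I install Token Guard?
Run the command "/install token-guard" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Token Guard free?
Yes, Token Guard is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Token Guard support?
Token Guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Token Guard?
It is developed and maintained by edmonddantesj (@edmonddantesj); the current version is v1.5.0.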