← 返回 Skills 市场
107
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install token-saver-korean
功能描述
🧠 한국어 Context DB for AI Agents — 토큰 91% 절감. 임베딩 의미 검색, 중복 자동 병합, 메모리 계층화(Hot/Warm/Cold), 자동 아카이브, WAL 프로토콜, 엔티티 추출. Korean-first + English support.
安全使用建议
This skill appears to implement what it claims, but exercise caution before installing or running it:
- Inspect and (if needed) remove or edit init_bora_context.py before running. It contains hard-coded Windows paths that read several workspace files and then save them into the memory DB; these files could contain sensitive info and will be sent (for embedding) to the external Fireworks API if a key is present.
- Only provide a FIREWORKS_API_KEY you trust. Treat that key as granting the embedding service access to any text you send.
- If you want to try the skill safely, run it in an isolated environment or test VM, and do not export your real workspace paths or secrets into that environment.
- Confirm you are happy with local storage of embeddings.json/wal.json and where client.save_memory persists data.
- The README contains an odd npm-related instruction for installing a Python package—review packaging/install steps carefully before copying files into ~/.openclaw or running automated install commands.
If you want higher assurance, ask the author for a version of the initializer that prompts before reading files or accepts explicit file paths, and a minimal README that documents exactly which local paths the skill will read and what data it will send to api.fireworks.ai.
功能分析
Type: OpenClaw Skill
Name: token-saver-korean
Version: 2.0.0
The skill bundle contains a script, 'init_bora_context.py', which uses hardcoded absolute Windows file paths targeting a specific user's directory ('C:\Users\Roken\.openclaw\workspace\'). This script attempts to read sensitive agent files such as 'SOUL.md', 'IDENTITY.md', and 'USER.md' to ingest them into the TokenSaver database. While the core logic in 'token_saver/client.py' appears to be a legitimate context management tool using Fireworks AI for embeddings, the inclusion of environment-specific scripts that target sensitive identity files from a hardcoded local path is a high-risk behavior. There is no clear evidence of intentional exfiltration to an attacker-controlled domain, but the targeting of specific local files makes the bundle suspicious.
能力标签
能力评估
Purpose & Capability
The declared purpose (Korean-first context DB with embedding search, dedup, tiers, WAL) aligns with the code and requirements: the client uses an embedding API and NLP libs (konlpy/nltk). Requesting FIREWORKS_API_KEY matches the EmbeddingManager which posts to api.fireworks.ai. However some README/installation hints (npm steps for an otherwise Python package) and the presence of a platform-specific initializer script suggest sloppy packaging or environment assumptions.
Instruction Scope
SKILL.md describes generic initialization and 'automatic workspace detection', but init_bora_context.py contains hard-coded Windows paths (C:\Users\Roken\.openclaw\workspace\...) and will read local files (MEMORY.md, USER.md, SOUL.md, AGENTS.md, IDENTITY.md) and then call client.save_memory() and generate embeddings. That means local workspace documents could be read and (via the embedding API) transmitted externally; this behavior is not explicitly surfaced in SKILL.md and is scope-creep from a user-perspective.
Install Mechanism
There is no remote download or opaque installer: dependencies are standard Python packages (konlpy, nltk) referenced in SKILL.md and pyproject. No suspicious external URL downloads or extract operations were found. The only network call in code is to the Fireworks embeddings endpoint which is expected for an embedding-based skill.
Credentials
Only FIREWORKS_API_KEY is required, which is proportionate to using an external embedding provider. However the key would be used to send content (possibly sensitive) to the fireworks.ai API; requiring a single embedding API key is reasonable but the combination with the initializer that reads local files increases the risk of unintended data transmission. No other unrelated secrets are requested.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide configs. It stores embeddings and some JSON files locally (embeddings.json, wal.json) which is expected for a local context DB. The initializer modifies/reads local workspace files only (no evidence of escalating privileges), but that local access is environment-specific and should be reviewed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install token-saver-korean - 安装完成后,直接呼叫该 Skill 的名称或使用
/token-saver-korean触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
v2.0: 임베딩 의미 검색, 중복 자동 병합, 메모리 계층화(Hot/Warm/Cold), 자동 아카이브, 엔티티 추출, nltk 지원
元数据
常见问题
TokenSaver Korean 是什么?
🧠 한국어 Context DB for AI Agents — 토큰 91% 절감. 임베딩 의미 검색, 중복 자동 병합, 메모리 계층화(Hot/Warm/Cold), 자동 아카이브, WAL 프로토콜, 엔티티 추출. Korean-first + English support. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 107 次。
如何安装 TokenSaver Korean?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install token-saver-korean」即可一键安装,无需额外配置。
TokenSaver Korean 是免费的吗?
是的,TokenSaver Korean 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
TokenSaver Korean 支持哪些平台?
TokenSaver Korean 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 TokenSaver Korean?
由 dorongss(@dorongss)开发并维护,当前版本 v2.0.0。
推荐 Skills