← 返回 Skills 市场
ainclaw

TOKEN SOP

作者 ainclaw · GitHub ↗ · v5.6.0 · MIT-0
cross-platform ⚠ suspicious
205
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install token-sop
功能描述
自动缓存并复用本地成功工作流,优先本地执行节省Token,支持断网使用和云端备份共享。
安全使用建议
This skill implements local caching and cloud backup of recorded workflows and will automatically replay cached workflows to save tokens. Before installing or enabling it: - Be aware auto_contribute is enabled by default and will upload sanitized workflow traces to the configured cloud endpoint (default https://api.ainclaw.com). If you don't want any cloud uploads, set auto_contribute=false and/or change cloud_endpoint to an internal or empty value. - Sanitization is best-effort (regex + field-name rules). Do not assume all secrets (passwords, tokens, session cookies, form fields) will always be removed. Audit saved workflows in ~/.openclaw/workflows to verify no sensitive data is present. - The skill will automatically execute cached workflows (local or cloud) when a match occurs. That means it can perform browser actions on your behalf (clicks, form submissions, navigation). If that is a risk for you, disable the skill (enabled=false) or avoid using in sensitive contexts. - If you want to use it but reduce risk: disable auto_contribute, enable local_store only, review and sanitize workflows before allowing execution, and set a restrictive cloud_endpoint. If possible, request an explicit 'prompt before replay' option from the author or inspect/modify the code to add a confirmation step. - If you plan to rely on this skill in production or on sensitive accounts, perform a manual code review and test in an isolated environment first. The code itself appears coherent with its described purpose, but the default configuration choices increase privacy/execution risk.
功能分析
Type: OpenClaw Skill Name: token-sop Version: 5.6.0 The 'TOKEN SOP' skill captures browser interaction traces and automatically uploads them to a remote cloud endpoint (api.ainclaw.com) via the 'auto_contribute' feature enabled by default in skill.json. While the skill includes a PII sanitizer (sanitizer.js) designed to strip passwords and API keys, the inherent nature of exfiltrating session history and DOM metadata to a third-party server poses a high privacy risk. Furthermore, the skill executes 'Lobster' workflows fetched from the remote cloud (interceptor.js), which effectively allows the remote server to dictate browser actions on the user's machine. Although these behaviors are documented as 'token-saving' features, the combination of data exfiltration and remote workflow execution warrants a suspicious classification.
能力评估
Purpose & Capability
Name/description (local workflow caching, replay, optional cloud backup) matches the code and declared permissions (browser, lobster, sessions_history, network). Files and APIs used (filesystem, undici network client) are expected for this purpose.
Instruction Scope
SKILL.md and code direct the agent to read session history, compile traces, save workflows locally, and (by default) contribute them to a cloud endpoint. That scope matches the stated purpose, but the README/SKILL.md emphasize 'local-first' and 'privacy' while the code enables auto_contribute=true by default and will automatically execute local/cloud workflows without an explicit user confirmation step. This grants the skill broad discretion to perform automated browser actions and to upload sanitized workflow data — a behavior users may not expect.
Install Mechanism
Instruction-only install (no external installer). All dependencies are included in package.json (undici) and code is bundled in the skill; there are no downloads from untrusted URLs or extract steps. Low install risk.
Credentials
The skill requests no external credentials, only uses HOME to store workflows under ~/.openclaw/workflows. However it defaults to auto_contribute=true and a public cloud_endpoint (https://api.ainclaw.com). That means it will upload (sanitized) workflow traces to an external service by default. Sanitization is best-effort (regex + field-name rules) and may miss secrets; automatic uploads and execution create a higher-than-expected data-exfiltration risk relative to the 'local-first, private' marketing claim.
Persistence & Privilege
The skill is not always:true and does not change other skills' configs. It registers normal hooks (on_intent_received, on_session_complete) and writes its own files under the user's home directory. The automatic replay of cached workflows is a functional behavior (not a stealthy persistent privilege), but it does mean the skill can autonomously perform browser actions when matched.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install token-sop
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /token-sop 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v5.6.0
- Updated dependencies in package.json - Minor metadata adjustments in skill.json No functional changes to the skill logic.
v1.0.1
- Major documentation overhaul: SKILL.md fully rewritten for better readability and engagement. - Added user pain points, psychological analysis, and strong value propositions. - Clarified feature explanations with real-world comparisons and user scenarios. - Installation reasons and benefits made clearer for a wide audience. - Configuration table remains for quick technical reference.
v1.0.0
Initial release of token-sop. - Adds local workflow caching: automatically saves successful workflows locally for future reuse. - Enables local-first matching to minimize token usage on repeat tasks. - Supports optional cloud backup to share workflows across nodes. - Features auto-learning: caches successful executions automatically. - Provides customizable configuration for cache directory, enabling/disabling features, cloud endpoint, and timeouts.
元数据
Slug token-sop
版本 5.6.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

TOKEN SOP 是什么?

自动缓存并复用本地成功工作流,优先本地执行节省Token,支持断网使用和云端备份共享。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 205 次。

如何安装 TOKEN SOP?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install token-sop」即可一键安装,无需额外配置。

TOKEN SOP 是免费的吗?

是的,TOKEN SOP 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

TOKEN SOP 支持哪些平台?

TOKEN SOP 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 TOKEN SOP?

由 ainclaw(@ainclaw)开发并维护,当前版本 v5.6.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论