← 返回 Skills 市场
Tokenguard Pro
作者
sammy-the-bot
· GitHub ↗
· v1.0.0
· MIT-0
285
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install tokenguard-pro
功能描述
Token cost optimizer for OpenClaw agents. Scan usage patterns, identify waste (excessive context, repeated queries, inefficient tool use), and get actionable...
安全使用建议
Do not install or run this skill yet. Key issues to resolve with the publisher: (1) Provide the actual tokenguard-analyze executable/script and full source so you can review it; (2) Explain exactly which OpenClaw log files/paths it reads and why no config paths were declared; (3) Justify the additional required binary 'bc' listed in clawhub.yaml and reconcile bins across files; (4) Remove or explain the proposed symlink to /usr/local/bin (system-level install) or provide an alternative installation method and an integrity-checked release (e.g., GitHub release). If you must test, run in a restricted sandbox or VM, and inspect the tokenguard-analyze script contents before granting filesystem write or log read permissions. Be especially cautious because session logs can contain API keys and sensitive data — ensure the tool will not send logs to external endpoints without explicit, auditable consent.
功能分析
Type: OpenClaw Skill
Name: tokenguard-pro
Version: 1.0.0
The skill bundle describes a legitimate utility for analyzing AI token usage and providing cost-optimization recommendations. The documentation (SKILL.md, README.md) and configuration files (clawhub.yaml, package.json) are consistent with the stated purpose of processing session logs to identify inefficiencies like context bloat and model mismatches. No malicious code, data exfiltration patterns, or prompt injection attacks were identified in the provided files. While the core script 'tokenguard-analyze' was not included in the provided text, the metadata and instructions show no signs of harmful intent or unauthorized behavior.
能力评估
Purpose & Capability
The stated purpose is to analyze OpenClaw session logs. That legitimately requires a binary/script to parse logs and read log files. However the published package does not include the claimed executable (tokenguard-analyze is referenced in README, package.json, and clawhub.yaml but is not present in the file list). clawhub.yaml also adds 'bc' to required bins while SKILL.md and registry metadata list only bash and jq. These inconsistencies indicate the manifest and files do not align with the described capability.
Instruction Scope
SKILL.md repeatedly says the tool 'requires access to OpenClaw session logs' and instructs running tokenguard-analyze to scan logs, but the SKILL.md does not declare where logs live, which config paths to read, or how to authenticate to them. The skill does not declare any required config paths or environment variables even though analyzing session logs often requires filesystem or storage access (and logs can contain sensitive tokens). The instructions therefore ask for sensitive data access without describing or declaring it.
Install Mechanism
Registry summary indicated 'No install spec', but clawhub.yaml contains an install step that would symlink tokenguard-analyze to /usr/local/bin (a system path). That operation is potentially privileged and the executable referenced is missing. package.json also lists a bin and preferGlobal: true, implying a global install. The presence of an install directive that writes into /usr/local/bin combined with missing executable is an incoherence and a security risk if the real install were provided without review.
Credentials
The skill declares no required environment variables or config paths, yet its function explicitly needs access to session logs. This omission is disproportionate: either the skill should declare specific log paths/credentials, or it cannot perform its stated function. There are no explicit credentials requested, which reduces some risk, but log access may implicitly expose API keys and other secrets if not scoped and documented.
Persistence & Privilege
always:false and user-invocable:true (normal). However the packaged metadata implies creating a symlink into /usr/local/bin and global installation preference — that would give persistent system-level presence and requires elevated file-system write access. Because the file that would be installed is missing, this is currently an unresolved inconsistency rather than a confirmed privilege escalation, but it should be treated cautiously.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tokenguard-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/tokenguard-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
tokenguard-pro 1.0.0 – Initial Release
- Launches TokenGuard Pro: an OpenClaw agent token cost optimizer.
- Scans session logs to identify waste (oversized context, repeated queries, inefficient tool use).
- Provides actionable recommendations and projected cost savings.
- Designed for high-volume API users (>$100/month).
- CLI supports customizable analysis and report export.
- Read-only, safe to use alongside existing controls and dashboards.
元数据
常见问题
Tokenguard Pro 是什么?
Token cost optimizer for OpenClaw agents. Scan usage patterns, identify waste (excessive context, repeated queries, inefficient tool use), and get actionable... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 285 次。
如何安装 Tokenguard Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tokenguard-pro」即可一键安装,无需额外配置。
Tokenguard Pro 是免费的吗?
是的,Tokenguard Pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Tokenguard Pro 支持哪些平台?
Tokenguard Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Tokenguard Pro?
由 sammy-the-bot(@sammy-the-bot)开发并维护,当前版本 v1.0.0。
推荐 Skills