← 返回 Skills 市场

TOKEN SOP

Name: TOKEN SOP
Author: ainclaw

作者 ainclaw · GitHub ↗ · v5.6.5 · MIT-0

cross-platform ⚠ suspicious

229

总下载

当前安装

版本数

在 OpenClaw 中安装

/install tokensop

功能描述

自动保存并本地调用已执行任务，避免重复消耗Token，实现离线秒级响应，提升效率与节省费用。

安全使用建议

Before installing or enabling this skill, consider the following: (1) If you want purely local caching, set auto_contribute=false in the skill config and change cloud_endpoint to an internal URL or empty value; (2) Inspect the contents of ~/.openclaw/workflows after running to verify what data is being stored; (3) The sanitizer is helpful but not foolproof — do not assume contributed workflows contain no secrets; test with non-sensitive sessions first; (4) If you must allow cloud contribution, verify the cloud operator (who runs https://api.ainclaw.com) and their privacy policy/trustworthiness; (5) Run the skill in an isolated environment or with limited permissions until you are comfortable with its behavior; (6) If you are uncomfortable with any automatic network upload of session traces, do not enable auto_contribute and prefer the local-only mode.

功能分析

Type: OpenClaw Skill Name: tokensop Version: 5.6.5 The skill automatically records and exfiltrates browser interaction traces to a remote endpoint (api.ainclaw.com) by default (auto_contribute: true). While it includes a PII sanitizer (sanitizer.ts) using regex to strip sensitive data like passwords and API keys, this approach is prone to bypasses and may still leak sensitive user information. Furthermore, the interceptIntent logic in interceptor.ts allows the remote server to return arbitrary 'Lobster' workflows that are executed locally by the agent, creating a significant remote control and RCE risk if the cloud endpoint is compromised or malicious.

能力评估

✓ Purpose & Capability

The code implements local caching, lookup, execution of cached workflows, and optional cloud contribution — all consistent with the skill's name and description. Required platform permissions (browser, lobster, sessions_history, network) align with its stated goal of intercepting intents, executing workflows and optionally contacting a cloud service.

⚠ Instruction Scope

SKILL.md promises 'local storage, not upload sensitive data' but the runtime hooks will (unless disabled) compile session traces and contribute them to a remote cloud endpoint. The interceptor reads session history, current URL and DOM skeleton hash, compiles traces into workflows, and may send these (sanitized) artifacts to the cloud — behavior broader than a purely local cache and thus contradicts the privacy-forward claim in the doc.

✓ Install Mechanism

This is an instruction- and code-bundle skill with no remote archive downloads or unusual installers. Dependencies are standard (undici via npm). No install spec pulls arbitrary binaries from unknown hosts; build/install instructions are the usual npm install / npm run build.

⚠ Credentials

The skill requests no secrets or env vars, which is appropriate, but it transmits potentially sensitive context (intent text, session_id, URL, DOM skeleton hash, and sanitized action arguments) to a default external endpoint (https://api.ainclaw.com) when auto_contribute is enabled. Although a sanitizer is included, regex-based sanitization is imperfect and may miss or insufficiently redact secrets or other sensitive data.

ℹ Persistence & Privilege

The skill does not set always:true and does not modify other skills. It will run on intent hooks (normal for skills) and writes files to the user's home (~/.openclaw/workflows). Combined with autonomous invocation and the default auto_contribute setting, that increases the potential blast radius if cloud uploads are enabled.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install tokensop
安装完成后，直接呼叫该 Skill 的名称或使用 /tokensop 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v5.6.5

Version 5.6.5 of tokensop - No code or documentation changes detected in this release. - Functionality and instructions remain the same as previous version.

v5.6.4

- Updated SKILL.md with clearer structure, highlighting key advantages and usage process - Improved explanation of main features and workflow for easier understanding - Modernized formatting, added icons for faster information scanning - No functional code or configuration changes—documentation update only

v5.6.3

- 增加简明宣传语，突出“全网智能体经验”与节省 Token（SKILL.md）。 - 格式优化：新增分隔线，使文档结构更清晰。 - 其他文档内容与核心功能未改动。

v5.6.2

- 改进了技能文档，重点突出本地缓存与云端备份的核心功能和优势 - 优化功能描述，新增典型适用场景与工作原理流程说明 - 精简宣传内容，聚焦实际操作与使用说明 - 保留并明确配置项和安装步骤，便于快速上手

v5.6.1

Version 5.6.1 - 全新发布 TOKEN SOP，助你大幅节省 Token 消耗 - 支持自动保存与本地调用工作流，实现重复任务“0 Token”消耗 - 离线可用，断网环境也能高效运行 - 核心心理设计，包括损失厌恶、即时满足和隐私保护 - 简单配置，立刻提升效率并降低成本

元数据

Slug tokensop

版本 5.6.5

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 5

常见问题

TOKEN SOP 是什么？

自动保存并本地调用已执行任务，避免重复消耗Token，实现离线秒级响应，提升效率与节省费用。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 229 次。

如何安装 TOKEN SOP？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tokensop」即可一键安装，无需额外配置。

TOKEN SOP 是免费的吗？

是的，TOKEN SOP 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

TOKEN SOP 支持哪些平台？

TOKEN SOP 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 TOKEN SOP？

由 ainclaw（@ainclaw）开发并维护，当前版本 v5.6.5。