Slash Tokens

Security checks across malware telemetry and agentic risk

Overview

Slash Tokens appears to be a real token-saving command wrapper, but it needs review because it installs unpinned remote code and can broadly rewrite and track shell commands.

Install only if you trust the publisher and the exact rtk source you are running. Avoid piping the unpinned installer directly to bash, review or pin the install source, enable automatic hooks only deliberately, and use raw commands for sensitive or high-impact operations where summarized output could hide important details.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
High
What this means

Installing could run code that differs from the reviewed artifact at install time.

Why it was flagged

The recommended install path executes an unpinned remote script from a raw GitHub main branch, while the registry provides no install spec to pin or verify the code being run.

Skill content

curl -fsSL https://raw.githubusercontent.com/2233admin/rtk/main/install.sh | bash

Recommendation

Prefer a pinned release or package-manager install, review the installer before running it, and ask the publisher to provide a pinned ClawHub install spec and consistent source URL.

ASI01: Agent Goal Hijack
Medium
What this means

The agent may miss important details from command output or use summarized/error-only output when a task needs full context.

Why it was flagged

This instruction makes the wrapper the default for every shell command, even when full raw output may be important for correctness or safety.

Skill content

Prefix ALL Bash commands with `rtk` to save 60-90% tokens.

Recommendation

Use rtk selectively, and require raw or verbose command output for security-sensitive, destructive, deployment, credential, or debugging operations.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Commands may be altered to pass through rtk without the user or agent reviewing each rewrite.

Why it was flagged

The hook system can automatically rewrite commands before execution, which is powerful and broad even though it is aligned with the token-saving purpose.

Skill content

Auto-Rewrite (default) ... Hook intercepts command ... Rewrites before execution ... 100% adoption

Recommendation

Only enable hooks explicitly, verify permission settings, and keep an easy way to bypass rewriting for commands where exact output or command form matters.

ASI06: Memory and Context Poisoning
Medium
What this means

A local database may retain sensitive command names, arguments, and activity patterns across projects for up to 90 days.

Why it was flagged

The tool maintains a persistent, global history in a local database for analytics; command history and project activity can be sensitive when every Bash command is routed through the wrapper.

Skill content

Database Location: `~/.local/share/rtk/history.db` ... Retention Policy: 90 days ... Scope: Global across all projects, worktrees, and Claude sessions

Recommendation

Review the history database behavior, avoid putting secrets in command arguments, and prune or disable tracking if it is not needed.

ASI03: Identity and Privilege Abuse
Low
What this means

rtk-wrapped commands can still perform whatever actions the underlying authenticated tools are allowed to perform.

Why it was flagged

The wrapper supports tools that commonly use existing local GitHub, cloud, Kubernetes, database, or network credentials; no credential theft is shown, but the authority those credentials carry is high-impact.

Skill content

git, gh, docker, kubectl, ... psql, aws, curl

Recommendation

Treat rtk as a wrapper around privileged commands, not a sandbox; confirm high-impact gh, aws, kubectl, psql, or curl operations before running them.