TokenSaver
Review
Audited by ClawScan on May 10, 2026.
Overview
TokenSaver looks like a plausible local context-memory tool, but it can automatically index private OpenClaw workspace memory/profile files and has weak file-path containment.
Before installing, decide whether you want this skill to read and index your OpenClaw workspace memories and profile/config files. Use a dedicated, non-sensitive workspace if possible, verify the PyPI package source, and avoid giving it untrusted or attacker-controlled memory URIs until path containment is fixed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Workspace memory and profile files are indexed by default
Impact: Private workspace memory or profile information could be stored and automatically recalled into later agent sessions; poisoned or outdated local context could also influence future answers.
Description: The auto-sync module indexes local OpenClaw workspace memory, daily logs, agent configuration, and user profile files into a reusable context store by default.
Evidence: workspace_path: str = "~/.openclaw/workspace" ... def index_workspace(self): ... "MEMORY.md" ... "memory/*.md" ... "AGENTS.md" ... "USER.md" ... self.vector_store.batch_index(documents)
Recommendation: Require explicit user opt-in before indexing workspace files, document exactly which paths are read, add exclusions for sensitive files, and provide clear retention and deletion controls.
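One way to apply that recommendation, as an added example that is not TokenSaver's or OpenClaw's code: indexing is off until the caller opts in, the read surface is a single declared list of patterns (the ones quoted in the finding), the user profile and secret-looking files are excluded by default, and one indexed file can be forgotten again. The InMemoryStore stand-in, the exclusion patterns, and the WorkspaceIndexer API are assumptions made for this illustration; the sample workspace is constructed inside a temporary directory.

```python
"""Opt-in workspace indexing with a declared read surface and sensitive-file exclusions.

Added example (not TokenSaver's or OpenClaw's code). INDEX_PATTERNS are the
patterns quoted in the finding; everything else here is an assumption.
"""
from __future__ import annotations

import fnmatch
import tempfile
from pathlib import Path

# The read surface, stated up front so a user can see exactly what gets indexed.
INDEX_PATTERNS = ("MEMORY.md", "memory/*.md", "AGENTS.md", "USER.md")

# Assumed default exclusions: the user profile plus anything that looks like a secret.
# fnmatch's '*' also matches '/', so these apply at any depth of the workspace.
DEFAULT_EXCLUDE = ("USER.md", "*.env", "*secret*", "*credential*")


class InMemoryStore:
    """Minimal stand-in for a vector store exposing batch_index()."""

    def __init__(self) -> None:
        self.documents: list[dict] = []

    def batch_index(self, documents: list[dict]) -> None:
        self.documents.extend(documents)

    def delete_by_path(self, rel_path: str) -> int:
        before = len(self.documents)
        self.documents = [d for d in self.documents if d["path"] != rel_path]
        return before - len(self.documents)


class WorkspaceIndexer:
    def __init__(self, workspace_path, store, *, opt_in: bool = False,
                 exclude=DEFAULT_EXCLUDE) -> None:
        self.workspace = Path(workspace_path).expanduser().resolve()
        self.store = store
        self.opt_in = opt_in          # nothing is read until the user says so
        self.exclude = tuple(exclude)

    def _excluded(self, path: Path) -> bool:
        rel = path.relative_to(self.workspace).as_posix()
        return any(fnmatch.fnmatch(rel, pat) for pat in self.exclude)

    def candidate_files(self) -> list[Path]:
        """Files that would be read, after exclusions; show this to the user before indexing."""
        files: list[Path] = []
        for pattern in INDEX_PATTERNS:
            for path in sorted(self.workspace.glob(pattern)):
                if path.is_file() and not self._excluded(path):
                    files.append(path)
        return files

    def index_workspace(self) -> list[str]:
        if not self.opt_in:
            raise PermissionError("workspace indexing requires explicit opt-in")
        documents = [
            {"path": p.relative_to(self.workspace).as_posix(),
             "text": p.read_text(encoding="utf-8")}
            for p in self.candidate_files()
        ]
        self.store.batch_index(documents)
        return [d["path"] for d in documents]

    def forget(self, rel_path: str) -> int:
        """Deletion control: drop everything indexed from one workspace file."""
        return self.store.delete_by_path(rel_path)


def build_demo_workspace() -> Path:
    """Constructed throwaway workspace; none of this is real user data."""
    root = Path(tempfile.mkdtemp(prefix="openclaw-ws-"))
    (root / "memory").mkdir()
    (root / "MEMORY.md").write_text("# long-term notes\n", encoding="utf-8")
    (root / "memory" / "2026-05-10.md").write_text("daily log\n", encoding="utf-8")
    (root / "memory" / "api-secret.md").write_text("sk-constructed\n", encoding="utf-8")
    (root / "AGENTS.md").write_text("agent config\n", encoding="utf-8")
    (root / "USER.md").write_text("name: constructed user\n", encoding="utf-8")
    return root


def run_indexing_demo() -> dict:
    root = build_demo_workspace()
    store = InMemoryStore()
    try:
        WorkspaceIndexer(root, store).index_workspace()   # default opt_in=False
        indexed_by_default = True
    except PermissionError:
        indexed_by_default = False
    indexer = WorkspaceIndexer(root, store, opt_in=True)
    indexed = indexer.index_workspace()
    removed = indexer.forget("MEMORY.md")
    return {
        "indexed_by_default": indexed_by_default,
        "indexed": indexed,
        "removed": removed,
        "remaining": [d["path"] for d in store.documents],
    }


if __name__ == "__main__":
    print(run_indexing_demo())
```

candidate_files() is separated from index_workspace() on purpose: a skill that wants informed opt-in can list exactly what it is about to read before reading it, and the same list documents the read surface for the review.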
Finding 2: Path traversal in the URI-to-path mapping of the JSON store
Impact: A crafted URI containing path traversal segments could cause the agent to create or overwrite JSON files outside the intended TokenSaver storage area.
Description: Storage paths are derived directly from the caller-supplied URI without normalization or checks that the final path remains inside the intended database directory.
Evidence: path = self._uri_to_path(context.uri) ... with open(path, 'w', encoding='utf-8') ... def _uri_to_path(self, uri: str) -> Path: ... return self.base_path / f"{uri}.json"
Recommendation: Normalize and resolve paths, reject absolute paths and '..' segments, and enforce that all writes remain under the configured TokenSaver data directory.
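The vulnerable shape beside a hardened one, as an added example that is not TokenSaver's code. VulnerableStore reproduces the mapping quoted in the finding; HardenedStore is one way to apply the recommendation: syntactic rejection of absolute URIs, backslashes and '.', '..' or empty segments, followed by a containment check on the resolved path. The class names, the save() method and the escapes() helper are assumptions; the traversal URI is constructed, and the vulnerable path is computed but never written.

```python
"""Vulnerable vs hardened URI-to-path mapping for a JSON context store.

Added example, not TokenSaver's code. VulnerableStore has the shape of the
snippet quoted in the finding; HardenedStore, save() and escapes() are assumed.
"""
from __future__ import annotations

import json
import tempfile
from pathlib import Path


class VulnerableStore:
    """Derives the storage path directly from the URI, as the finding describes."""

    def __init__(self, base_path: str | Path) -> None:
        self.base_path = Path(base_path)

    def _uri_to_path(self, uri: str) -> Path:
        return self.base_path / f"{uri}.json"


class HardenedStore:
    """Same interface, but every path it returns is confined to base_path."""

    FORBIDDEN_SEGMENTS = {"", ".", ".."}

    def __init__(self, base_path: str | Path) -> None:
        # resolve() once so the containment check below compares canonical paths
        self.base_path = Path(base_path).resolve()

    def _uri_to_path(self, uri: str) -> Path:
        if not uri or "\x00" in uri or "\\" in uri:
            raise ValueError(f"invalid uri: {uri!r}")
        if uri.startswith("/") or Path(uri).is_absolute():
            raise ValueError(f"absolute uri rejected: {uri!r}")
        if any(seg in self.FORBIDDEN_SEGMENTS for seg in uri.split("/")):
            raise ValueError(f"traversal or empty segment rejected: {uri!r}")
        candidate = (self.base_path / f"{uri}.json").resolve()
        # Final guard: even after the syntactic checks, the canonical path must sit
        # under base_path. resolve() follows symlinks, so a link pointing out of the
        # store is caught here as well.
        if candidate != self.base_path and self.base_path not in candidate.parents:
            raise ValueError(f"path escapes storage directory: {candidate}")
        return candidate

    def save(self, uri: str, data: dict) -> Path:
        path = self._uri_to_path(uri)
        path.parent.mkdir(parents=True, exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(data, fh)
        return path


def escapes(path: Path, base: Path) -> bool:
    """True if the canonical form of `path` lies outside `base`."""
    resolved, base = path.resolve(), base.resolve()
    return resolved != base and base not in resolved.parents


def run_path_demo() -> dict:
    """Constructed inputs; the vulnerable store's path is computed, never written."""
    base = Path(tempfile.mkdtemp(prefix="tokensaver-db-"))
    traversal = "../../tmp/evil"
    results = {"vulnerable_escapes": escapes(VulnerableStore(base)._uri_to_path(traversal), base)}
    hardened = HardenedStore(base)
    for uri in (traversal, "/etc/passwd", "a\\..\\b", "notes//x", "notes/today"):
        try:
            hardened._uri_to_path(uri)
            results[uri] = "accepted"
        except ValueError:
            results[uri] = "rejected"
    saved = hardened.save("notes/today", {"ok": True})
    results["saved_inside"] = not escapes(saved, base)
    return results


if __name__ == "__main__":
    print(run_path_demo())
```

The containment check uses Path.parents rather than Path.is_relative_to so it runs on Python versions before 3.9; the two are equivalent here. Rejecting '..' syntactically and then re-checking the resolved path is deliberate: the first gives a clear error for the obvious case, the second is what actually holds when the base directory itself contains a symlink.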
Finding 3: Unpinned package installation from a package index
Impact: Users may install code that differs from the reviewed files if the package source or version is not verified.
Description: The skill asks users to install unpinned external packages from a package index. This is purpose-aligned setup, but provenance and version pinning are not established in the artifact.
Evidence: pip install tokensaver ... pip install 토큰세이버 ... pip install tokensaver[speed]
Recommendation: Install only from a trusted package source, prefer pinned versions and hashes, and compare the installed package with the reviewed source.
