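Token Cost-Saving Manager
v2.2.0
OpenClaw Token Cost-Saving Manager - smart caching, dynamic routing, real-time monitoring, and automatic runtime optimization, reducing cost consumption by 70%. Use when the user asks about cost optimization, token savings, caching strategies, or model routing, or needs cost monitoring.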
by @e2e5g
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (token cost control, caching, routing, monitoring) match the included code and CLI. The package implements caching, cost monitoring, model routing, and proactive controls. Minor metadata/version mismatch: registry lists v2.2.0 while files declare v2.1.1 — a non-security but provenance inconsistency to note.
Instruction Scope
SKILL.md only instructs when to use the skill (cost optimization) and basic CLI examples; it does not ask the agent to read unrelated system state or secrets. However the README suggests running install.js and the code persists data to disk (controls.json, cache.json, cost-history.json). '自动告警' ("automatic alerting") in docs refers to internal alerts stored in files, not an external alerting service — a minor documentation vs behavior mismatch.
Install Mechanism
There is no external install spec in the registry. The repository includes a local install.js that creates a .openclaw/data directory and initializes controls.json. No remote downloads, no package dependencies, and no archives or third-party installers are used.
Credentials
The skill requests no environment variables or credentials. It does execute a fixed shell command ('ollama list ...') to detect local models (via child_process.exec), which is expected for its local-model-detection feature. The command is hard-coded and not built from untrusted input, so this is proportionate to its purpose. Note: the skill writes usage/cost data and control state to local files which may contain sensitive consumption information.
Persistence & Privilege
always:false and user-invocable:true. The skill persists only to its own directory (.openclaw/data) and does not modify other skills or global agent configurations. Its level of persistence is proportional to its monitoring/control purpose.
Assessment
This skill appears to be what it says: a local cost controller that stores state under .openclaw/data and detects local models with 'ollama list'. Before installing, consider: 1) Provenance — the package is from an unknown source and contains version metadata mismatch (files v2.1.1 vs registry v2.2.0); prefer packages from trusted authors. 2) Inspect repository locally — review install.js and the data files (controls.json, cache.json, cost-history.json) to ensure no unexpected behavior. 3) Data sensitivity — the skill will store usage/cost data and disabled/paused skill lists on disk; if that information is sensitive, run it in an isolated environment or change the dataDir. 4) Execution risk — it runs a fixed shell command to probe local models; this is expected but confirm your environment's PATH and that 'ollama' is trusted. 5) Network/credentials — the skill requests no credentials and makes no outbound network calls in the provided code, but if you modify it to integrate external alerting or telemetry, review that addition carefully. If you want higher assurance, run it in a sandbox or container and/or ask the author for a vetted release/source origin.
Like a lobster shell, security has layers — review code before you run it.
Tags: cache, cost, latest, openclaw, optimization, token
