token-kill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is an instruction-only cost-optimization guide, with mild cautions around memory-clearing commands and any scripts the user chooses to create.
This skill appears safe as an instruction-only guide. Before following it, be aware that clearing or compressing memory can lose useful context, and any scripts you create for email, orders, APIs, or scheduled checks should be limited to the minimum access needed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Important details could be forgotten or summarized incorrectly if the user applies these commands too aggressively.
The skill explicitly recommends commands that clear or compress conversation memory/context, which is aligned with token reduction but can remove or summarize information used later.
`/new` - Start a fresh conversation and clear old context ... `/compress` - Compress memory by keeping important info and forgetting details
Use memory-clearing or compression commands deliberately, and save critical information elsewhere before clearing or compressing context.
If the user implements these scripts, they may grant scripts access to email, order systems, APIs, or other sensitive services.
The skill recommends moving repetitive work to scripts and API calls. This is central to its cost-saving purpose and no code is bundled, but user-created scripts could interact with external services or private data.
Scripts handle: Scheduled checks, data fetching, API calls, data processing
When creating such scripts, use least-privilege API keys, read-only scopes where possible, logging, and user review before any action that changes data.