Token Economy
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: token-economy
Version: 1.0.3

The OpenClaw AgentSkills skill bundle 'token-economy' is classified as benign. Its stated purpose is cost optimization through intelligent model routing and context management. The `SKILL.md` and `README.md` files describe features like local token auditing (`~/.openclaw/token-audit.jsonl`), configuration management (`~/.openclaw/openclaw.json`), and a cron job for automated model switching, all of which align with its stated purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms beyond the described cron job for a benign purpose, or prompt injection attempts designed to subvert the agent for harmful actions. The `SECURITY.md` file explicitly addresses and refutes common security concerns, further supporting the benign classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could believe installing this skill enforces routing, token caps, and budget controls when the reviewed package does not contain the code needed to verify or provide those controls.
The provided package is instruction-only with no code files or install spec, yet it claims active hooks and configuration behavior. That makes the claimed implementation and provenance unverifiable from the submitted artifacts.
This OpenClaw fork includes token-economy hooks (deployed Feb 13, 2026)
Include the actual hook/patch source, install steps, and configuration declarations, or clearly relabel the skill as documentation for an external fork rather than an operational cost-control tool.
The agent's model could be changed in the background, potentially affecting task quality or user expectations, without clear user control.
This describes persistent autonomous behavior that changes the agent's model selection, but the artifacts do not define how the cron job is installed, authorized, logged, disabled, or limited.
automatically switch back to Sonnet to save costs. A cron job checks this every 30 minutes.
Require explicit user opt-in for background model switching and document the exact cron entry, configuration file, disable command, logging, and conditions that prevent switching.
Users may overtrust claims about no network access, no credential access, hard budget caps, and large savings without being able to verify the implementation.
The security notice points users to source code and network-call verification, but the submitted artifact set contains no code. The strong safety and capability claims are therefore not supported by the package under review.
To verify safety:
1. ✅ Review the source code: TypeScript patches for OpenClaw core
2. ✅ Check network calls: None
Remove or qualify unsupported assurances, provide the referenced source code in the package, and clearly state what this skill can and cannot enforce by itself.
The audit log may reveal usage patterns, model choices, and cost information if the local file is shared or readable by others.
The skill discloses persistent local logging of usage metadata. This is purpose-aligned for budgeting, and the same file says message content and credentials are not logged.
Token Economy logs:
- Model selection decisions
- Token counts per request
- Cost estimates
Check file permissions and retention for `~/.openclaw/token-audit.jsonl`, and avoid sharing the log unless you are comfortable exposing usage metadata.
