Deep Token Saver

Pass

Audited by VirusTotal on May 5, 2026.

Overview

Type: OpenClaw Skill
Name: deep-token-saver
Version: 1.0.0

The 'deep-token-saver' skill is classified as suspicious because it relies on external, unprovided components (@remnic/cli, remnic-hermes) and references hardcoded, high-privilege file paths (/c/Users/Administrator/workspace) in SKILL.md. It instructs the agent to execute curl commands against a local service (127.0.0.1:4318) using a potentially sensitive $TOKEN environment variable. While the stated goal is token optimization via 'Caveman Mode' and memory management, the reliance on external binaries and specific system configurations without providing the source code for those tools presents a significant security risk.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private, outdated, or incorrect memory could persist and influence future conversations.

Why it was flagged

The skill stores and reuses memory across sessions and automatically loads note abstracts, but does not specify retention, exclusions, review, or safeguards against stale or poisoned memory.

Skill content
memory-sync | Automatically archived daily to workspace/memory/ ... Cross-session memory persistence (Remnic + QMD) ... I only load L0 and expand on demand
Recommendation

Only enable persistent memory after defining storage paths, retention, exclusions, and a review process for what gets stored and reloaded.

What this means

Useful memories could be removed or rewritten broadly if consolidation runs incorrectly.

Why it was flagged

The instructions include API-driven memory consolidation that can delete, merge, or compress records, with no explicit approval, diff, backup, or scope boundary.

Skill content
Periodically scan memory entries: ... expired/useless entries → delete ... curl -s -X POST -H "Authorization: Bearer $TOKEN" http://127.0.0.1:4318/engram/v1/consolidate
Recommendation

Make consolidation manual, show proposed changes, keep backups, and require explicit approval before deleting or rewriting memory entries.

Note, Medium Confidence
ASI10: Rogue Agents
What this means

A local memory service may continue running after the immediate token-saving task is done.

Why it was flagged

The artifact describes a background service that starts with the machine. This is disclosed and related to persistent memory, but users should notice it because it may keep operating outside a single task.

Skill content
Start on boot: scheduled task `RemnicServer`
Recommendation

Provide and verify clear status, disable, and uninstall steps for the Remnic scheduled task.

What this means

Anyone with this token could potentially call the local memory API with the token's privileges.

Why it was flagged

The skill uses a bearer token for Remnic API access. This is expected for an authenticated local service, but no credential requirement is declared in the metadata.

Skill content
Authorization: Bearer $TOKEN
Recommendation

Use a least-privilege local token, keep it out of logs, and document the required environment variable and permissions.

What this means

Running the referenced helpers depends on local code and packages whose behavior is not shown in this skill submission.

Why it was flagged

The skill references external packages and local helper scripts, but the submitted artifact is instruction-only, so those components were not available for review.

Skill content
Installed components: `@remnic/cli` + `@remnic/server` ... `remnic-hermes` Python MemoryProvider ... python hermes-memory-sync.py backfill today
Recommendation

Verify the source, version, and contents of Remnic, remnic-hermes, and local scripts before running the maintenance commands.