Back to skill
Skillv3.0.0
VirusTotal security
Token Saver · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:17 AM
- Hash
- c8932aa85135fbb27e384835f9817fbe0f5c36d2323092310b5a29394325975c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: token-saver Version: 3.0.0 The skill is classified as suspicious due to its use of prompt injection and persistence mechanisms, despite these being disclosed and intended for benign token optimization. Specifically, `scripts/compressor.js` contains hardcoded instructions like 'Auto-execute.' and 'Internal actions (read/organize/learn): free' that directly influence agent behavior. Furthermore, `scripts/optimizer.js` modifies `AGENTS.md` to enable a 'Persistent Mode' by appending writing guidance, which is a form of persistence and prompt injection. While these actions are disclosed in `SKILL.md` and `audit.json` and align with the stated purpose of cost reduction, they represent high-risk capabilities that modify core agent instructions.
- External report
- View on VirusTotal