ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Token Optimizer

v1.0.0

Optimize OpenClaw token usage and cost by auditing context injection, trimming workspace files (AGENTS.md/SOUL.md/MEMORY.md and daily memory), enabling promp...

3· 2.5k·9 current·9 all-time
by@ccjingeth
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md explicitly audits OpenClaw config and workspace injections and produces openclaw.json patches and trimming plans. It does not request unrelated binaries, credentials, or config paths.
Instruction Scope
The runtime instructions ask the agent to locate and inspect local OpenClaw config files and injected workspace files (e.g., ~/.openclaw/openclaw.json, AGENTS.md, MEMORY.md, memory/YYYY-MM-DD.md). That behavior is proportionate to a token-optimization audit, but it means the agent will be guided to read local files and suggest edits; the SKILL.md does not include explicit safeguards (backup/review steps) before applying changes, so the user should review any proposed edits before applying them.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low-risk from an installation/execution perspective (nothing is downloaded or written by an installer).
Credentials
The skill declares no required environment variables, credentials, or config paths. Mentioned filesystem paths are reasonable and relevant for the stated purpose (auditing OpenClaw config and workspace files).
Persistence & Privilege
always:false and no install means the skill does not request forced persistence. The skill's recommendations (e.g., enabling heartbeats, cache warmers, compaction, cron changes) could increase automated activity or change runtime behavior if applied — users should consider these operational effects before applying changes. Autonomous invocation (disable-model-invocation:false) is platform-default and not by itself a red flag.
Assessment
This skill is internally consistent and appears to do what it says: audit configs and recommend concrete openclaw.json edits and workspace trimming. Before installing or following its recommendations, backup your openclaw.json and workspace files and review any config patches the skill provides. Be cautious about: (1) automated 'heartbeat' or cron recommendations that could increase API calls if applied without adjustment, (2) compaction/memory-flush prompts that change where session content is stored, and (3) any advice that instructs the agent to search or modify many files — run that with explicit user approval. Verify suggested JSON keys are supported by your OpenClaw version/provider before applying, and roll out changes in stages (quick wins first) as the skill itself recommends.

Like a lobster shell, security has layers — review code before you run it.

latestvk978w3e0wc2ppkdtrbwed5tfns81adhq
2.5kdownloads
3stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@ccjingeth
latest
Download

OpenClaw Token Optimizer

Overview

Deliver a practical audit and configuration plan that cuts input tokens and unnecessary calls while keeping answer quality. Provide concrete config edits, workspace file trimming guidance, and a prioritized rollout plan.

Workflow

1) Scope and locate configuration

  • Identify the OpenClaw config file location (common paths include ~/.openclaw/openclaw.json, .openclaw/openclaw.json, or project root config).
  • List injected workspace files in scope (e.g., AGENTS.md, SOUL.md, TOOLS.md, IDENTITY.md, USER.md, HEARTBEAT.md, MEMORY.md, and memory/YYYY-MM-DD.md).
  • Confirm provider and model support for prompt caching and memory search to avoid proposing unsupported keys.

2) Baseline token sources

  • Break input cost into buckets: system prompt, tool schema, workspace files, memory files, and conversation history.
  • Use a rough sizing method if exact token counts are unavailable (e.g., characters/4 as a quick estimate) and call out that the estimate is approximate.

3) Input reduction (highest ROI)

  • Trim workspace files first. Target budgets:
    • AGENTS.md: keep only essential agent rules and policies.
    • SOUL.md: reduce to short persona bullets.
    • MEMORY.md: keep durable facts only; archive the rest.
    • memory/YYYY-MM-DD.md: prune or rotate daily logs.
  • Remove unused workspace injections in config (e.g., if TOOLS.md or IDENTITY.md is unused).
  • Prefer memory search over full-file injection for large memories. If using qmd, index only needed paths.

4) Cache and context control

  • Enable prompt caching for the primary model when supported. Set cacheRetention to a long window and keep a consistent system prompt to maximize cache hits.
  • Configure heartbeat to keep the cache warm (e.g., ~55 minutes), using a low-cost model and a minimal heartbeat prompt.
  • Enable context pruning with a TTL that matches the cache window to prevent unbounded history growth.
  • Add compaction with memory flush so long sessions preserve durable decisions while clearing history.

5) Call reduction

  • Audit cron and scheduled tasks. Consolidate overlapping checks, reduce frequency, and move non-creative tasks to cheaper models.
  • Configure delivery to be on-demand or only on change to avoid no-op calls.

6) Model strategy

  • Default to a cost-effective model for routine work and provide aliases for manual upgrades to premium models.
  • Use subagents for parallel, isolated tasks with cheaper models to avoid bloating the main context.

7) Deliverables

Provide:

  • A short audit summary and estimated savings.
  • A concrete config patch or JSON snippet for openclaw.json.
  • A list of files to trim, with before/after size targets.
  • A phased rollout plan (quick wins first, then advanced options).

References

  • Use references/openclaw-token-optimization.md for configuration snippets, checklists, and qmd guidance.

Comments

Loading comments...