Tamp

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a legitimate setup guide for a local Anthropic cost-saving proxy, but it asks you to run an external npm service that can see and rewrite OpenClaw API traffic and optionally run continuously.

Before installing, understand that Tamp becomes a local middle layer for Anthropic requests: it can see API headers and request bodies, rewrites some tool-result content to save tokens, and may run continuously if you enable the systemd service. This is consistent with the skill’s purpose, but you should trust or audit the npm package first and keep the proxy local-only.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You would be trusting an external npm package to run locally and handle OpenClaw model traffic.

Why it was flagged

The skill directs users to execute an external npm package. The version is pinned and the behavior is central to the purpose, but the package code is not included in the provided artifacts for review.

Skill content

npm i -g @sliday/tamp@0.3.8

# Or run without installing
npx @sliday/tamp@0.3.8 -y

Recommendation

Install only if you trust the upstream package; consider auditing the linked source, using a local clone, and avoiding global installs where practical.

What this means

A local Tamp process will be in the path of your Anthropic credential and requests.

Why it was flagged

The configured proxy receives and forwards the Anthropic API key. This is expected for an Anthropic proxy and is disclosed, but it is still sensitive credential handling.

Skill content

apiKey: "${ANTHROPIC_API_KEY}",  // Forwarded to upstream, not stored by Tamp

Recommendation

Keep the proxy bound to localhost, do not expose port 7778 externally, and use an appropriately scoped Anthropic key if available.

What this means

Private conversation and tool-output content may pass through Tamp before reaching Anthropic.

Why it was flagged

The documented data flow sends OpenClaw message bodies through a local proxy before Anthropic. This is purpose-aligned and disclosed, but those messages may contain private prompts, files, and tool results.

Skill content

OpenClaw → POST /v1/messages → Tamp (localhost:7778) → compresses JSON body → Anthropic API

Recommendation

Review Tamp’s source and logging behavior before routing sensitive work through it, especially if enabling TAMP_LOG.

What this means

Tamp may continue running in the background and remain in the model request path until disabled.

Why it was flagged

The skill documents an optional persistent user-level service that automatically restarts. This is normal for a local proxy, but it keeps running beyond the initial setup.

Skill content

ExecStart=/usr/local/bin/tamp
Restart=always
...
systemctl --user enable --now tamp.service

Recommendation

Enable the systemd service only if you want persistent proxying, and use systemctl --user status/disable/stop to monitor or turn it off.