Skill v1.0.0
ClawScan security
TokenRanger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 5:32 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: Instructions, requirements, and actions described in the skill are coherent with a local compression/sidecar plugin for TokenRanger; nothing requested is disproportionate to that purpose.
- Guidance: This skill is internally consistent with a local compression sidecar, but before installing you should: (1) verify the plugin package and repo (openclaw-plugin-tokenranger) on GitHub and npm to ensure you trust the maintainer; (2) inspect the plugin's service unit / launchd plist and start scripts that will be installed (~/.openclaw/extensions/... and user-level systemd/LaunchAgents) so you know what commands will run as a persistent service; (3) be aware the setup downloads Ollama models and Python deps (large network activity and disk usage) and will run a local HTTP sidecar bound to localhost — confirm it does not expose data to the network; (4) back up any important OpenClaw config before changing plugin entries; and (5) if you need higher assurance, review the plugin source code or test in an isolated VM/container first.
Review Dimensions
- Purpose & Capability: ok. The skill claims to install and operate a local TokenRanger sidecar that compresses context via Ollama and LangChain; the SKILL.md only requires the openclaw CLI and instructs installing an OpenClaw plugin and running local setup. Required binaries/envs are consistent with that purpose.
- Instruction Scope: note. The runtime instructions include installing the plugin, creating a Python venv, pulling Ollama models, installing FastAPI/LangChain deps, and registering a user-level service (systemd/launchd). These actions are within scope for a sidecar-based compression plugin, but they do modify user configuration and start persistent local services and access local logs/service status for troubleshooting.
- Install Mechanism: note. This is an instruction-only skill (no embedded install spec). It instructs the user to run 'openclaw plugins install openclaw-plugin-tokenranger' (and references a GitHub repo and npm package). That is lower risk than an arbitrary URL download, but the actual code will be fetched when the user runs the install command — so verify the upstream package/source before installing.
- Credentials: ok. The skill does not request environment variables, secrets, or unrelated credentials. Its operations (local sidecar, Ollama, service files, logs) are proportional to the stated functionality.
- Persistence & Privilege: note. The setup registers a user-level persistent service (systemd user or launchd agent) and writes files under the user's home (~/.openclaw, ~/.config, ~/Library). This persistent presence is expected for a local sidecar but is a privileged local change — the skill does not set always:true and does not request system-wide elevated privileges.
