TokFlow
Result: Pass. Audited by ClawScan on May 1, 2026.
Overview
TokFlow appears to be a coherent local usage-monitoring skill, but it can surface sensitive cost, account-balance, and session-derived usage statistics through the agent.
TokFlow looks benign and purpose-aligned. Before installing, confirm that the service listening on localhost:8001 is the TokFlow backend you expect, and make sure you are comfortable with the agent reading your token spend, provider account balances, and session-derived usage statistics.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the local TokFlow service is not the expected trusted backend, the agent could report misleading data or interact with an unintended local service.
The skill depends on a separately running local TokFlow backend that is not installed by this package. This is disclosed and purpose-aligned, but the backend is the component that provides the sensitive usage and balance data.
"All queries are made by calling TokFlow's local API (`http://localhost:8001/api`). ... The TokFlow service must be running locally on port 8001."
Use this skill only with a trusted TokFlow backend running on localhost:8001.
The agent may see and summarize your LLM provider balances and cost information in conversation.
The skill is designed to retrieve provider account balance information. That is expected for a cost-monitoring tool, but it is still sensitive account/financial data.
"Fetch real-time balances for each provider channel (DeepSeek, SiliconFlow (硅基流动), etc.) ... `scripts/tokflow_query.py balance`"
Install only if you are comfortable letting the agent access and discuss these balances and costs.
Reports may reveal when, how much, and in what style you use paid models.
The skill uses persistent local session-derived data for usage and prompt-style statistics. The included script exposes aggregates rather than raw prompts, but the underlying data source may reflect private usage patterns.
"The data source is OpenClaw's local JSONL session files, synced in real time ... analysis of how you phrase your prompts"
Avoid sharing generated reports in untrusted chats, and verify the TokFlow backend’s retention and access controls if the usage data is sensitive.
The agent can trigger a local optimization-analysis refresh when the command is used.
One documented command sends a POST request to trigger generation of optimization suggestions. This is local and purpose-aligned, but it is more than a read-only query.
```python
def cmd_generate():
    # Not a read-only query: asks the backend to (re)generate optimization suggestions.
    return api_post("/optimization/generate")
```
If you want strict read-only use, avoid or confirm the `generate` command before running it.
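The recommendations in the first and fourth findings (only talk to the expected backend on localhost:8001; treat `generate` as a write that needs confirmation) can be enforced on the agent side rather than trusted to the skill script. The guard below is an added example written for this audit page, not TokFlow's or ClawScan's code. It assumes the base URL `http://localhost:8001/api` quoted from SKILL.md and that `POST /optimization/generate` is the only documented mutating call; the function and exception names are hypothetical, and the `transport` parameter exists so the policy can be exercised without a running backend.

```python
"""Agent-side guard for calls to a local TokFlow backend (added example)."""
import json
import urllib.request
from urllib.parse import urlparse

EXPECTED_BASE = "http://localhost:8001/api"   # quoted from SKILL.md
EXPECTED_PORT = 8001
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
# The only documented write endpoint (the skill's `generate` command).
# Any non-GET/HEAD method is treated as mutating regardless of path.
MUTATING_PATHS = {"/optimization/generate"}


class GuardError(Exception):
    """Request would leave loopback, escape the API root, or mutate without confirmation."""


def check_base_url(base_url: str = EXPECTED_BASE) -> str:
    """Return the normalised base URL if it points at the expected local backend."""
    u = urlparse(base_url)
    if u.scheme not in ("http", "https"):
        raise GuardError(f"unexpected scheme {u.scheme!r}")
    if u.hostname not in LOOPBACK_HOSTS:
        raise GuardError(f"backend host {u.hostname!r} is not loopback")
    if u.port != EXPECTED_PORT:
        raise GuardError(f"backend port {u.port} is not {EXPECTED_PORT}")
    if u.username or u.password:
        raise GuardError("credentials embedded in backend URL")
    return base_url.rstrip("/")


def url_is_trusted(base_url: str) -> bool:
    """Boolean form of check_base_url for callers that prefer a policy answer."""
    try:
        check_base_url(base_url)
        return True
    except GuardError:
        return False


def is_mutating(method: str, path: str) -> bool:
    """True for anything that is not a plain read, or for a documented write path."""
    return method.upper() not in ("GET", "HEAD") or path in MUTATING_PATHS


def allowed(method: str, path: str, confirm: bool = False) -> bool:
    """Policy decision: reads always allowed; writes only once the user confirmed."""
    if not path.startswith("/") or ".." in path.split("/"):
        return False                      # must stay under the /api root
    return confirm or not is_mutating(method, path)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects: a rogue listener on 8001 must not bounce us elsewhere."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise GuardError(f"backend redirected to {newurl}; refusing to follow")


def http_transport(method: str, url: str, body=None, timeout: float = 5.0):
    """Real HTTP transport; returns (status, raw_bytes)."""
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Content-Type": "application/json"} if data else {}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    opener = urllib.request.build_opener(_NoRedirect)
    with opener.open(req, timeout=timeout) as resp:
        return resp.status, resp.read()


def guarded_request(method: str, path: str, *, confirm: bool = False,
                    base_url: str = EXPECTED_BASE, transport=http_transport, body=None):
    """Send a request only if the backend URL is pinned and the policy allows it."""
    base = check_base_url(base_url)
    if not allowed(method, path, confirm):
        raise GuardError(f"{method.upper()} {path} is a write; pass confirm=True "
                         "only after the user explicitly agreed")
    return transport(method.upper(), base + path, body)


if __name__ == "__main__":
    # Dry run with a fake transport so this file runs without a backend.
    def dry(method, url, body):
        return 200, f"{method} {url}".encode()
    print(guarded_request("GET", "/stats", transport=dry))          # hypothetical read path
    print(guarded_request("POST", "/optimization/generate", confirm=True, transport=dry))
```

The URL pin rejects anything that is not loopback on port 8001, the redirect handler stops an unexpected listener from forwarding the agent off-host, and `allowed` makes `generate` (and any non-GET request) fail closed until the caller passes `confirm=True`, which the agent should only do after the user has agreed in conversation.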
