token-saver

Pass

Audited by VirusTotal on May 4, 2026.

Overview

Type: OpenClaw Skill
Name: tsaver
Version: 2.0.0

The 'tsaver' skill bundle provides a comprehensive framework for auditing and optimizing token usage by reading and modifying OpenClaw configuration files (e.g., `openclaw.json`, `jobs.json`) and workspace content. It includes instructions to execute shell commands via 'python3' for JSON validation (Phase 4B) and suggests creating new recurring tasks (Phase 5A) for monitoring. While these capabilities are aligned with the stated purpose of token optimization, the broad file access, modification of system prompts, and execution of shell-based validation scripts present a significant attack surface. No clear evidence of data exfiltration or intentional malice was found, but the high-privilege operations warrant a suspicious classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill could change model selection, schedules, prompts, or tool profiles, which may reduce cost but also alter how OpenClaw agents behave.

Why it was flagged

The skill may make persistent configuration changes to optimize token use. This is disclosed and purpose-aligned, and higher-risk changes require approval, but direct application of 'Safe' changes can still affect future agent behavior.

Skill content

Techniques marked **Moderate** or **High** risk involve config changes, profile switches, or task merging... get explicit approval... Techniques marked **Safe** can be applied directly.

Recommendation

Before applying optimizations, ask the agent to show a diff, create backups, and get confirmation for any config change that affects scheduled tasks, model choices, tools, or prompts.

What this means

The generated audit report may expose details about private workspace context, memory summaries, or startup files.

Why it was flagged

The skill inspects startup context files and compacted context summaries. This is relevant to token auditing, but file names, sizes, prompts, or summaries may reveal private workspace information if copied into reports.

Skill content

List every file that is injected at session start... If LCM (Lossless Context Management) is active, note the number and average size of compacted summary blocks injected per turn.

Recommendation

Review the audit report before sharing it, and ask the agent to report only names/sizes or redacted summaries rather than sensitive file contents.

What this means

There may be ambiguity about whether credential-bearing OpenClaw configuration is involved.

Why it was flagged

The supplied capability signal indicates possible sensitive-credential relevance, while the requirements list no required credentials. The visible SKILL.md excerpt does not show credential collection or transmission, so this is a metadata/capability notice rather than evidence of credential misuse.

Skill content

requires-sensitive-credentials

Recommendation

Do not provide API keys, tokens, cookies, or session credentials unless the agent clearly explains why they are needed; prefer redacted config views for token-audit work.