Wave Token Saver
ReviewAudited by ClawScan on May 14, 2026.
Overview
The skill is a coherent token-optimization guide, but its quick paths tell the agent to apply changes to OpenClaw task/model behavior without confirmation or validation.
Use this skill as an advisory audit tool, but ask it to produce an inventory, proposed changes, and a rollback plan before editing anything. Back up `~/.openclaw/cron/jobs.json` and `openclaw.json`, keep validation enabled for scheduled tasks, and review any generated report before sharing it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change recurring tasks, prompts, or model choices before you review exactly what will be edited.
The skill authorizes direct changes to model/task behavior without explicit user approval, even though model routing and prompt changes can affect automated agent outcomes.
Apply Safe techniques only, no user confirmation needed ... Quick Wins ... B1 (right-size each task — cheapest viable model) ... Apply directly without audit preamble.
Require a proposed diff and explicit approval before any config, prompt, cron, or model-routing changes are applied.
A mistaken model downgrade or prompt change could repeatedly affect scheduled OpenClaw tasks until manually noticed and reverted.
The skill targets scheduled automation and then allows quick workflows to skip validation/monitoring, so a bad optimization could keep recurring across future runs.
Read your cron/scheduled task configuration (e.g. `~/.openclaw/cron/jobs.json`). ... Skip Phase 4 and Phase 5 — just log the changes
Back up cron/config files, validate changes on one task first, and keep the validation/monitoring phase for any scheduled automation.
You may be led to approve or allow changes that are not actually risk-free for your workflows.
The absolute 'zero-risk' framing and removal of confirmation could cause users or agents to over-trust changes that still affect model quality, outputs, and task behavior.
Go straight to these high-impact, zero-risk techniques ... no user confirmation needed
Treat these as recommendations, not guaranteed safe actions; ask the agent to explain expected impact and rollback steps.
Private project filenames, sizes, and context/memory usage could appear in the audit report.
The audit inspects local startup context and persistent summary metadata, which is purpose-aligned for token measurement but may involve private workspace or memory-related information.
List every file that is injected at session start ... workspace root directory ... If LCM ... note the number and average size of compacted summary blocks injected per turn.
Review the generated report before sharing it and exclude sensitive workspaces or summaries if you only need a high-level estimate.