中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 22/100
Last scan:20 hr ago Rescan
22 /100
token-optimizer
AI agent session token optimization skill - compresses conversation tokens from 100k+ to under 8000 using three-layer indexing and AI-powered summarization
Token optimization skill for AI agent conversations with legitimate credential access for compression API calls and one dangerous documentation command that should be fixed.
Skill Nametoken-optimizer
Duration47.9s
Enginepi
Safe to install
Fix the dangerous shell command in INSTALL.md line 129 (quote the tilde). The credential access is legitimate but should be clearly declared in SKILL.md.

Findings 3 items

Severity Finding Location
Medium
Dangerous rm command in documentation Doc Mismatch
INSTALL.md line 129 contains 'rm -rf ~' without quoting the tilde. While in documentation, if executed by a shell, this would delete the user's entire home directory. The tilde should be quoted as '~' or the path should be expanded to the full path.
rm -rf ~/.openclaw/workspace/skills/token-optimizer
→ Change to: rm -rf "$HOME/.openclaw/workspace/skills/token-optimizer" or rm -rf ~/.openclaw/workspace/skills/token-optimizer (ensure shell doesn't expand tilde early)
 INSTALL.md:129
Low
Undeclared credential access Doc Mismatch
SKILL.md does not mention that compress_session.py reads ~/.openclaw/config.json to extract API keys for the compression feature. While this is legitimate behavior for the feature, it should be declared.
openclaw_config_file = Path.home() / '.openclaw' / 'config.json'
→ Add a section in SKILL.md explaining that the skill requires read access to ~/.openclaw/config.json for AI compression functionality
 scripts/compress_session.py:47
Low
Undeclared environment variable access Doc Mismatch
SKILL.md does not document the supported environment variables (TOKEN_OPTIMIZER_API_KEY, TOKEN_OPTIMIZER_MODEL, etc.). These are mentioned in scripts but not in documentation.
Advanced configuration section exists but only mentions optional overrides
→ Document all supported environment variables in SKILL.md
 SKILL.md
ResourceDeclaredInferredStatusEvidence
Filesystem NONE WRITE ✓ Aligned compress_session.py:52 - reads ~/.openclaw/config.json; creates/manages files in…
Network NONE READ ✓ Aligned compress_session.py:144 - calls OpenAI API with extracted credentials
Environment NONE READ ✗ Violation session_guard.py:16, compress_session.py:63-69 - reads TOKEN_OPTIMIZER_* env var…
Shell NONE NONE No shell execution found in code
1 Critical 8 findings
💀
Critical Dangerous Command 危险 Shell 命令
rm -rf ~
INSTALL.md:129
🔗
Medium External URL 外部 URL
https://keepachangelog.com/en/1.0.0/
CHANGELOG.md:5
🔗
Medium External URL 外部 URL
https://semver.org/spec/v2.0.0.html
CHANGELOG.md:6
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg
README.md:5
🔗
Medium External URL 外部 URL
https://opensource.org/licenses/MIT
README.md:5
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/python-3.8+-blue.svg
README.md:6
🔗
Medium External URL 外部 URL
https://www.python.org/downloads/
README.md:6
🔗
Medium External URL 外部 URL
https://clawhub.com/skills/token-optimizer
README.md:241

File Tree

15 files · 54.9 KB · 1846 lines
Python 8f · 1127L Markdown 5f · 702L JSON 1f · 16L Text 1f · 1L
├─ 📁 scripts
│ ├─ 🐍 compress_session.py Python 406L · 13.2 KB
│ ├─ 🐍 new_session.py Python 123L · 3.9 KB
│ ├─ 🐍 session_guard.py Python 258L · 8.9 KB
│ └─ 🐍 status.py Python 96L · 3.1 KB
├─ 📁 tests
│ ├─ 📁 fixtures
│ │ └─ 📝 README.md Markdown 4L · 81 B
│ ├─ 🐍 __init__.py Python 1L · 18 B
│ ├─ 🐍 test_compress.py Python 69L · 2.1 KB
│ ├─ 🐍 test_config.py Python 42L · 1.3 KB
│ └─ 🐍 test_session_guard.py Python 132L · 5.0 KB
├─ 📋 _meta.json JSON 16L · 677 B
├─ 📝 CHANGELOG.md Markdown 62L · 1.9 KB
├─ 📝 INSTALL.md Markdown 139L · 2.3 KB
├─ 📝 README.md Markdown 245L · 5.7 KB
├─ 📄 requirements.txt Text 1L · 14 B
└─ 📝 SKILL.md Markdown 252L · 6.8 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
openai >=1.0.0 pip No Version specified but not pinned to exact version

Security Positives

✓ No shell execution found in Python scripts - only documentation contains shell commands
✓ No base64 encoding or obfuscation detected
✓ No credential exfiltration - API keys are used locally for compression only
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ Clean codebase with proper error handling
✓ Includes file permission checks for config files
✓ Uses exponential backoff for API rate limits