中文 EN

扫描报告

扫描新文件

低风险 — 风险评分 22/100
上次扫描:20 小时前 重新扫描
22 /100
token-optimizer
AI agent session token optimization skill - compresses conversation tokens from 100k+ to under 8000 using three-layer indexing and AI-powered summarization
Token optimization skill for AI agent conversations with legitimate credential access for compression API calls and one dangerous documentation command that should be fixed.
技能名称token-optimizer
分析耗时47.9s
引擎pi
可以安装
Fix the dangerous shell command in INSTALL.md line 129 (quote the tilde). The credential access is legitimate but should be clearly declared in SKILL.md.

安全发现 3 项

严重性 安全发现 位置
中危
Dangerous rm command in documentation 文档欺骗
INSTALL.md line 129 contains 'rm -rf ~' without quoting the tilde. While in documentation, if executed by a shell, this would delete the user's entire home directory. The tilde should be quoted as '~' or the path should be expanded to the full path.
rm -rf ~/.openclaw/workspace/skills/token-optimizer
→ Change to: rm -rf "$HOME/.openclaw/workspace/skills/token-optimizer" or rm -rf ~/.openclaw/workspace/skills/token-optimizer (ensure shell doesn't expand tilde early)
 INSTALL.md:129
低危
Undeclared credential access 文档欺骗
SKILL.md does not mention that compress_session.py reads ~/.openclaw/config.json to extract API keys for the compression feature. While this is legitimate behavior for the feature, it should be declared.
openclaw_config_file = Path.home() / '.openclaw' / 'config.json'
→ Add a section in SKILL.md explaining that the skill requires read access to ~/.openclaw/config.json for AI compression functionality
 scripts/compress_session.py:47
低危
Undeclared environment variable access 文档欺骗
SKILL.md does not document the supported environment variables (TOKEN_OPTIMIZER_API_KEY, TOKEN_OPTIMIZER_MODEL, etc.). These are mentioned in scripts but not in documentation.
Advanced configuration section exists but only mentions optional overrides
→ Document all supported environment variables in SKILL.md
 SKILL.md
资源类型声明权限推断权限状态证据
文件系统 NONE WRITE ✓ 一致 compress_session.py:52 - reads ~/.openclaw/config.json; creates/manages files in…
网络访问 NONE READ ✓ 一致 compress_session.py:144 - calls OpenAI API with extracted credentials
环境变量 NONE READ ✗ 越权 session_guard.py:16, compress_session.py:63-69 - reads TOKEN_OPTIMIZER_* env var…
命令执行 NONE NONE No shell execution found in code
1 严重 8 项发现
💀
严重 危险命令 危险 Shell 命令
rm -rf ~
INSTALL.md:129
🔗
中危 外部 URL 外部 URL
https://keepachangelog.com/en/1.0.0/
CHANGELOG.md:5
🔗
中危 外部 URL 外部 URL
https://semver.org/spec/v2.0.0.html
CHANGELOG.md:6
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg
README.md:5
🔗
中危 外部 URL 外部 URL
https://opensource.org/licenses/MIT
README.md:5
🔗
中危 外部 URL 外部 URL
https://img.shields.io/badge/python-3.8+-blue.svg
README.md:6
🔗
中危 外部 URL 外部 URL
https://www.python.org/downloads/
README.md:6
🔗
中危 外部 URL 外部 URL
https://clawhub.com/skills/token-optimizer
README.md:241

目录结构

15 文件 · 54.9 KB · 1846 行
Python 8f · 1127L Markdown 5f · 702L JSON 1f · 16L Text 1f · 1L
├─ 📁 scripts
│ ├─ 🐍 compress_session.py Python 406L · 13.2 KB
│ ├─ 🐍 new_session.py Python 123L · 3.9 KB
│ ├─ 🐍 session_guard.py Python 258L · 8.9 KB
│ └─ 🐍 status.py Python 96L · 3.1 KB
├─ 📁 tests
│ ├─ 📁 fixtures
│ │ └─ 📝 README.md Markdown 4L · 81 B
│ ├─ 🐍 __init__.py Python 1L · 18 B
│ ├─ 🐍 test_compress.py Python 69L · 2.1 KB
│ ├─ 🐍 test_config.py Python 42L · 1.3 KB
│ └─ 🐍 test_session_guard.py Python 132L · 5.0 KB
├─ 📋 _meta.json JSON 16L · 677 B
├─ 📝 CHANGELOG.md Markdown 62L · 1.9 KB
├─ 📝 INSTALL.md Markdown 139L · 2.3 KB
├─ 📝 README.md Markdown 245L · 5.7 KB
├─ 📄 requirements.txt Text 1L · 14 B
└─ 📝 SKILL.md Markdown 252L · 6.8 KB

依赖分析 1 项

包名版本来源已知漏洞备注
openai >=1.0.0 pip Version specified but not pinned to exact version

安全亮点

✓ No shell execution found in Python scripts - only documentation contains shell commands
✓ No base64 encoding or obfuscation detected
✓ No credential exfiltration - API keys are used locally for compression only
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ Clean codebase with proper error handling
✓ Includes file permission checks for config files
✓ Uses exponential backoff for API rate limits