中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 15/100
Last scan:17 hr ago Rescan
15 /100
openclaw-token-saver
OpenClaw Token Saver - 20+ strategies to reduce token consumption by 50-90%
This is a legitimate token optimization guide with documented strategies. The only notable pattern is a documented curl|sh for Ollama installation, which is intentional and declared in documentation.
Skill Nameopenclaw-token-saver
Duration44.7s
Enginepi
Safe to install
The skill is safe to use. The curl|sh pattern is for documented local Ollama installation. No hidden functionality or credential access detected.

Findings 1 items

Severity Finding Location
Low
curl|sh pattern documented for local model installation Doc Mismatch
The README.md:221 includes 'curl -fsSL https://ollama.com/install.sh | sh' for installing Ollama. This is a documented behavior in the 'Local Alternatives' section, not hidden functionality. It is a legitimate use case for setting up local AI models to eliminate token costs.
curl -fsSL https://ollama.com/install.sh | sh
→ This pattern is acceptable when clearly documented for local development. No action required.
 README.md:221
ResourceDeclaredInferredStatusEvidence
Filesystem NONE READ ✓ Aligned SKILL.md: References reading config files like ~/.openclaw/config/token-saver.js…
Shell NONE READ ✓ Aligned SKILL.md:221 Documents 'curl -fsSL https://ollama.com/install.sh | sh' for local…
Network NONE READ ✓ Aligned SKILL.md: Documents http://localhost:11434 for Ollama local endpoint configurati…
1 Critical 6 findings
💀
Critical Dangerous Command 危险 Shell 命令
curl -fsSL https://ollama.com/install.sh | sh
README.md:221
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/OpenClaw-Skill-blue
README.md:3
🔗
Medium External URL 外部 URL
https://openclaw.ai
README.md:3
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/License-MIT-yellow.svg
README.md:4
🔗
Medium External URL 外部 URL
https://opensource.org/licenses/MIT
README.md:4
🔗
Medium External URL 外部 URL
https://ollama.com/install.sh
README.md:221

File Tree

4 files · 17.4 KB · 809 lines
Markdown 2f · 597L Python 1f · 122L JSON 1f · 90L
├─ 📁 config
│ └─ 🔑 token-saver.json JSON 90L · 2.2 KB
├─ 📁 scripts
│ └─ 🔑 token-monitor.py Python 122L · 4.6 KB
├─ 📝 README.md Markdown 340L · 6.2 KB
└─ 📝 SKILL.md Markdown 257L · 4.4 KB

Security Positives

✓ No credential harvesting or environment variable access detected
✓ No base64 obfuscation or anti-analysis techniques found
✓ Python script is a simple token monitor with no network exfiltration
✓ JSON config contains only threshold values, no sensitive secrets
✓ All external URLs point to legitimate services (ollama.com, openclaw.ai)
✓ Skill purpose (token optimization) is clearly documented
✓ No hidden functionality or shadow behavior detected