Low risk: risk score 15/100
Last scanned: 19 hours ago
openclaw-token-saver
OpenClaw Token Saver - 20+ strategies to reduce token consumption by 50-90%
This is a legitimate token optimization guide with documented strategies. The only notable pattern is a documented curl|sh for Ollama installation, which is intentional and declared in documentation.
Skill name: openclaw-token-saver
Analysis time: 44.7s
Engine: pi
Safe to install
The skill is safe to use. The curl|sh pattern is for documented local Ollama installation. No hidden functionality or credential access detected.

Security findings: 1

Severity / Finding / Location
Low
curl|sh pattern documented for local model installation (category: Documentation deception)
README.md:221 includes 'curl -fsSL https://ollama.com/install.sh | sh' for installing Ollama. This is documented behavior in the 'Local Alternatives' section, not hidden functionality. It is a legitimate use case for setting up local AI models to eliminate token costs.
curl -fsSL https://ollama.com/install.sh | sh
→ This pattern is acceptable when clearly documented for local development. No action required.
README.md:221
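| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| File system | NONE | READ | ✓ Consistent | SKILL.md: References reading config files like ~/.openclaw/config/token-saver.js… |
| Command execution | NONE | READ | ✓ Consistent | SKILL.md:221 Documents 'curl -fsSL https://ollama.com/install.sh \| sh' for local… |
| Network access | NONE | READ | ✓ Consistent | SKILL.md: Documents http://localhost:11434 for Ollama local endpoint configurati… |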
1 critical, 6 findings
💀 Critical · Dangerous command · Dangerous shell command
curl -fsSL https://ollama.com/install.sh | sh
README.md:221
🔗 Medium · External URL · External URL
https://img.shields.io/badge/OpenClaw-Skill-blue
README.md:3
🔗 Medium · External URL · External URL
https://openclaw.ai
README.md:3
🔗 Medium · External URL · External URL
https://img.shields.io/badge/License-MIT-yellow.svg
README.md:4
🔗 Medium · External URL · External URL
https://opensource.org/licenses/MIT
README.md:4
🔗 Medium · External URL · External URL
https://ollama.com/install.sh
README.md:221

Directory structure

4 files · 17.4 KB · 809 lines
Markdown 2f · 597L Python 1f · 122L JSON 1f · 90L
├─ 📁 config
│ └─ 🔑 token-saver.json JSON 90L · 2.2 KB
├─ 📁 scripts
│ └─ 🔑 token-monitor.py Python 122L · 4.6 KB
├─ 📝 README.md Markdown 340L · 6.2 KB
└─ 📝 SKILL.md Markdown 257L · 4.4 KB

Security highlights

✓ No credential harvesting or environment variable access detected
✓ No base64 obfuscation or anti-analysis techniques found
✓ Python script is a simple token monitor with no network exfiltration
✓ JSON config contains only threshold values, no sensitive secrets
✓ All external URLs point to legitimate services (ollama.com, openclaw.ai)
✓ Skill purpose (token optimization) is clearly documented
✓ No hidden functionality or shadow behavior detected