中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 0/100
Last scan:20 hr ago Rescan
0 /100
proxy-token-optimizer
Optimize LLM token usage and API costs for openclaw-manager proxy platform
Legitimate token optimization skill with clean code, clear documentation, and no malicious behavior. All scripts perform their stated functions without hidden functionality.
Skill Nameproxy-token-optimizer
Duration33.2s
Enginepi
Safe to install
This skill is safe for deployment. All behaviors are accurately documented and the code matches the stated purpose.
ResourceDeclaredInferredStatusEvidence
Filesystem READ WRITE ✓ Aligned context_optimizer.py:117 writes AGENTS.md.optimized (documented in SKILL.md)
Network NONE NONE No network calls in any script
Shell NONE NONE No subprocess/shell execution in any script
Database READ READ ✓ Aligned usage_report.py and quota_advisor.py query PostgreSQL (documented in SKILL.md)
Environment NONE NONE No os.environ iteration
Skill Invoke NONE NONE No cross-skill invocation
Clipboard NONE NONE No clipboard access
Browser NONE NONE No browser access

File Tree

8 files · 38.0 KB · 1178 lines
Python 6f · 1012L Markdown 1f · 161L JSON 1f · 5L
├─ 📁 scripts
│ ├─ 🐍 cli.py Python 131L · 3.8 KB
│ ├─ 🐍 context_optimizer.py Python 228L · 6.8 KB
│ ├─ 🐍 heartbeat_config.py Python 98L · 2.8 KB
│ ├─ 🐍 model_router.py Python 160L · 4.9 KB
│ ├─ 🐍 quota_advisor.py Python 156L · 4.9 KB
│ └─ 🐍 usage_report.py Python 239L · 7.4 KB
├─ 📋 _meta.json JSON 5L · 140 B
└─ 📝 SKILL.md Markdown 161L · 7.3 KB

Security Positives

✓ No network requests - all instance-side scripts are purely local
✓ No shell execution or subprocess calls
✓ SQL injection protection via parameterized queries (sqlalchemy text() with bound params)
✓ Clear separation between instance-side (local) and platform-side (DB) scripts
✓ Documentation accurately reflects code behavior - no doc-to-code mismatch
✓ No credential harvesting or sensitive path access
✓ File writes are limited to generating AGENTS.md.optimized (documented behavior)
✓ No obfuscation techniques (no base64, eval, or encoded strings)
✓ Clean imports - only standard library and required dependencies (sqlalchemy, pathlib)