Reduce OpenClaw AI costs with model-aware optimization. Features dynamic compaction presets based on your model's context window, intelligent file compression, and robust model detection with fallback. Supports Claude, GPT-4, Gemini, DeepSeek, and more.
Security Analysis
high confidenceThe skill mostly does what it says (scan and compress workspace .md files and compute model-aware compaction), but it also reads/writes agent/home files and contains prompt-like text that encourages auto-execution and persistent modifications — these behaviors merit caution before installing.
Overall the code matches the stated purpose: it discovers .md workspace files, has a model registry, computes dynamic compaction presets, and performs local compression. However the skill explicitly reads the user's home dir and OpenClaw config (~/.openclaw/openclaw.json) and writes to agent files such as AGENTS.md and creates a .token-saver-config.json in the workspace. Reading/writing these files is consistent with an optimizer but is broader access than a purely read-only 'analyzer' — worth noting before install.
SKILL.md claims 'No external calls — All analysis runs locally', which matches the code (no outgoing network calls seen). But runtime instructions and code intentionally read many workspace and agent files (SOUL.md, AGENTS.md, MEMORY.md, etc.) and provide a 'Persistent Mode' that writes guidance into AGENTS.md. More concerning: compressor code contains replacement patterns and prebuilt compressions with phrases such as 'Auto-execute, no permission needed' and 'Don't ask permission. Just do it.' and a 'SYSTEM:' snippet flagged as prompt-injection — these artifacts could nudge an agent to bypass permission boundaries if combined with autonomous invocation.
There is no remote install spec (instruction-only), which limits supply-chain risk. However the package includes runnable JavaScript files (analyzer.js, compressor.js, optimizer.js). Installing/placing these files on disk and running them will execute the included logic locally. No external downloads or archive extraction were found.
The skill declares no required env vars or credentials, but the code reads optional environment variables (SKILL_MODEL, OPENCLAW_MODEL, DEFAULT_MODEL) and the user's home directory. While environment model variables are appropriate for model detection, reading the home directory and agent config files grants access to user-scoped configuration and session files — a level of access that is sensitive and should be justified. The skill does not request API keys or secrets, which reduces credential risk.
The skill writes backups (.backup) and can alter AGENTS.md and write a workspace .token-saver-config.json to persist compaction settings. Those are legitimate for 'persistent mode', but any skill that modifies agent configuration / AGENTS.md is higher-privilege because it can change agent behavior across sessions. Combined with prompt-like strings that encourage 'auto-execute', persistence capability increases the blast radius if misused.
Guidance
This skill appears to implement the advertised token-optimization features, but it also reads files in your home directory, writes backups and agent configuration (AGENTS.md / .token-saver-config.json), and includes embedded prompt-like strings that urge 'auto-execute'. Before installing: - Review the compressor.js and analyzer.js files yourself (search for 'Auto-execute', 'SYSTEM:', 'AGENTS.md' and the replacement rules). Those phrases are suspicious and could enable bypassing prompts if the agent is configured to follow file content as instructions. - If you want to try it, run it in a safe test workspace (a copy of your real workspace) or inside a restricted container so it cannot access your real ~/.openclaw or other home files. - Back up AGENTS.md, MEMORY.md, SOUL.md, and any other important .md files before running /optimize tokens or enabling 'Persistent Mode'. Use the provided /optimize revert to restore backups, but verify backups yourself first. - If you install, consider disabling automatic/daemonized invocation and avoid enabling persistent mode until you vet the code. Remove or sanitize any compression rules that inject 'Auto-execute' or similar directives. - Because the publisher/source is unknown and there's no homepage, prefer local inspection and containment; ask the author for provenance and a signed release if you need to use it in production.
Latest Release
v3.0.0
v3: Model-aware optimization with dynamic presets, robust model detection, context window registry for 9+ models
More by @RubenAQuispe
Published by @RubenAQuispe on ClawHub
