token-slim

The scanner and cleanup advice fit the stated token-optimization purpose, but the onboarding flow goes beyond auditing by mandating persistent workspace agent-config changes, including a default terse-response mode.

The skill has broad natural-language triggers and supports batch cleanup; it usually asks before moving content, but persistent config insertion/replacement is not scoped with clear per-setting consent.

The package itself has no hidden postinstall behavior in the inspected artifacts; however, its optional installer runs pip against PyPI and two mirrors and prewarms a tokenizer cache from an external OpenAI-hosted blob.

Workspace reads are mostly limited to expected context files such as MEMORY.md, AGENTS.md, memory/, memoryres/, and skills/. The scanner also writes local history outside dry-run and may create/fetch tokenizer cache data when tiktoken is available.

The skill instructs the agent to write long-lived policy blocks into the workspace agent config, replace existing token-slim blocks, record future decisions into memory files, and uses inconsistent backup guidance.