SR
SkillRadar
Agent security + benchmarks
Menu

Security first

Safety Radar beta now; performance benchmarks, private registries, and runtime skill recommendations next.

Trust Report v1

TOKEN节约器

✂️ TOKEN节约器 - 工作流程控制器。通过问题预检、路径验证、进度检查、错误快速定位,防止重复无效工作,节约TOKEN消耗。兼容Windows/Mac/Linux/MaxClaw/ClawHub。

Overall
57
Trust
50
Utility
78
Momentum
35

Install caution

High-risk behavior present

Risk: High

Source: OpenClaw Master Skills

Path: skills/token-optimizer-1-0-0/SKILL.md

Review flags: credential or secret references, network access or external URLs, package installation commands, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Environment variables / secrets
  • Shell commands
  • Network/API usage

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

credential_or_secret_referencehigh

Mentions tokens, API keys, passwords, or private-key style environment variables.

network_accessmedium

Mentions external URLs, network APIs, downloads, or HTTP client usage.

package_installmedium

Mentions package installation or dependency-fetching commands.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -50 from 4 detected flag(s).
  • Metadata bonus: +10 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 0.
  • Environment variables detected: 2.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • No last-commit timestamp available from public metadata.
  • No recent commits found in the lookback window.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

  • API
  • TOKEN

Commands

None detected in SKILL.md text scan.

URLs

  • https://img.shields.io/badge/Compatible-MaxClaw%20%7C%20ClawHub-orange
  • https://img.shields.io/badge/Platform-Windows%20%7C%20Mac%20%7C%20Linux-blue
  • https://img.shields.io/badge/Version-1.1.0-green

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources