技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v5.6.5
统计:⭐ 0 · 27 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:ainclaw/tokensop
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill largely does what it says (local caching + optional cloud backup), but it will automatically collect session traces and (by default) upload sanitized workflows to an external cloud endpoint — the upload behavior and sanitizer limitations pose a potential data-exfiltration concern if you enable cloud contribution.
目的
The code implements local caching, lookup, execution of cached workflows, and optional cloud contribution — all consistent with the skill's name and description. Required platform permissions (browser, lobster, sessions_history, network) align with its stated goal of intercepting intents, executing workflows and optionally contacting a cloud service.
说明范围
SKILL.md promises 'local storage, not upload sensitive data' but the runtime hooks will (unless disabled) compile session traces and contribute them to a remote cloud endpoint. The interceptor reads session history, current URL and DOM skeleton hash, compiles traces into workflows, and may send these (sanitized) artifacts to the cloud — behavior broader than a purely local cache and thus contradicts the privacy-forward claim in the doc.
安装机制
This is an instruction- and code-bundle skill with no remote archive downloads or unusual installers. Dependencies are standard (undici via npm). No install spec pulls arbitrary binaries from unknown hosts; build/install instructions are the usual npm install / npm run build.
证书
The skill requests no secrets or env vars, which is appropriate, but it transmits potentially sensitive context (intent text, session_id, URL, DOM skeleton hash, and sanitized action arguments) to a default external endpoint (https://api.ainclaw.com) when auto_contribute is enabled. Although a sanitizer is included, regex-based sanitization is imperfect and may miss or insufficiently redact secrets or other sensitive data.
持久
The skill does not set always:true and does not modify other skills. It will run on intent hooks (normal for skills) and writes files to the user's home (~/.openclaw/workflows). Combined with autonomous invocation and the default auto_contribute setting, that increases the potential blast radius if cloud uploads are enabled.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「TOKEN SOP」。简介:自动保存并本地调用已执行任务,避免重复消耗Token,实现离线秒级响应,提升效率与节省费用。。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/ainclaw/tokensop/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。