Oathe Security Badge

Is samuellai118/tokenlens-token-value-optimizer safe?

https://clawhub.ai/samuellai118/tokenlens-token-value-optimizer

94
SAFE

TokenLens Token Value Optimizer is a legitimate skill for analyzing and optimizing LLM token usage. The code matches security claims of being local-only with no network calls or subprocess execution. All monitoring indicates normal installation behavior with no malicious activity detected.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 98/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Executable Scripts Present -12

The skill contains executable Python scripts and a shell script that users are instructed to run directly. While the scripts appear benign and perform only text analysis and mock data generation, they represent a potential execution vector if the skill were modified maliciously in the future.

INFO Installation Network Activity -8

Network connections were observed to clawhub.ai (216.150.1.1:443) during skill installation. This appears to be normal ClawHub installation behavior rather than malicious data exfiltration.

INFO Over-Trust Risk from Security Claims -10

The skill makes strong claims about being 'local-only' and having 'no network calls', which may lead users to over-trust the skill and potentially miss future modifications that could violate these claims.