Skip to main content

optimizacion-consumo-tokens-openclaw

Diagnoses and resolves high token consumption issues in OpenClaw bots, optimizing costs through targeted analysis and intervention.

Install this skill

or
29/100

Security score

The optimizacion-consumo-tokens-openclaw skill was audited on May 12, 2026 and we found 19 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 185

Template literal with variable interpolation in command context

SourceSKILL.md
185```bash
medium line 398

Template literal with variable interpolation in command context

SourceSKILL.md
398```bash
medium line 421

Curl to non-GitHub URL

SourceSKILL.md
421PROVIDER_USAGE=$(curl -s https://api.provider.com/usage | jq .pct_used)
medium line 428

Curl to non-GitHub URL

SourceSKILL.md
428curl -X POST "https://api.telegram.org/bot$TG_TOKEN/sendMessage" \
low line 461

Webhook reference - potential data exfiltration

SourceSKILL.md
461webhook auth sin def → público
medium line 199

Access to root home directory

SourceSKILL.md
199BAK_NAME="/root/${BOT}-session-archive-$TS.jsonl"
medium line 262

Access to root home directory

SourceSKILL.md
262grep -r "$KEY" /root/ 2>/dev/null | grep -v "_history\|.archive"
medium line 375

Access to root home directory

SourceSKILL.md
375□ Backups archivados (.archived-TS) presentes en /root/
medium line 384

Access to root home directory

SourceSKILL.md
384□ grep -r "KEY_VIEJA" /etc/ /root/ /tmp/ → vacío
medium line 405

Access to root home directory

SourceSKILL.md
405docker cp $BOT:/home/node/.clawdbot/clawdbot.json /root/${BOT}-config-bak-$TS.json
medium line 409

Access to root home directory

SourceSKILL.md
409/root/${BOT}-session-bak-$TS.jsonl
medium line 35

Access to .env file

SourceSKILL.md
35| **4. Consumo externo** | API key reusada en otros sistemas (backups, .env, etc.) | Discrepancia entre audit interno y facturación |
low line 295

Access to .env file

SourceSKILL.md
295# Ejemplo: container "miro-fish" que tenía la key en su .env
low line 297

Access to .env file

SourceSKILL.md
297sed -i 's/^LLM_BOOST_API_KEY=.*/LLM_BOOST_API_KEY=DISABLED_BLEED_PROTECTION/' /app/.env
medium line 336

Access to .env file

SourceSKILL.md
336- Key encontrada en .env de MiroFish, backups SQL paperclip, bash_history
medium line 359

Access to .env file

SourceSKILL.md
359| Buscar bug en métricas cuando hay discrepancia interna/externa | El problema es un tercer actor con tus credenciales | Rotar key + auditar dónde aparece (.env, backups, history) |
low line 455

Access to .env file

SourceSKILL.md
455Vector 4: ¿Quién más usa esta API key? (backups, .env)
low line 421

External URL reference

SourceSKILL.md
421PROVIDER_USAGE=$(curl -s https://api.provider.com/usage | jq .pct_used)
low line 428

External URL reference

SourceSKILL.md
428curl -X POST "https://api.telegram.org/bot$TG_TOKEN/sendMessage" \
Scanned on May 12, 2026
View Security Dashboard
Installation guide →
Rate this skill
Categorydevelopment
UpdatedMay 13, 2026
openclawapiml-ai-engineerdevops-sretechnical-supportopenaidevelopmentsupport
semaes111/PROYECTO-SKILLS