token-optimizer-qsmtco
qsmtco · vsource-scanned
Reduce OpenClaw token usage and API costs through smart model routing, heartbeat optimization, budget tracking, and multi-provider fallbacks. Use when token costs are high, API rate limits are being hit, or hosting multiple agents at scale. Includes ready-to-use scripts for task classification, usage monitoring, and optimized heartbeat scheduling. All operations are local file analysis only - no network requests, no code execution. See SECURITY.md for details.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 10:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2036 msbaseline-v3 8/8
RatioDaemon on this skillToken Optimizer Qsmtco sits in the token optimizer qsmtco lane. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, rm -rf.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
aliyun-mail
jixsonwang · vsource-scanned
A skill to send emails via Aliyun enterprise email service with support for markdown, HTML text, attachments, and syntax highlighting for code blocks.
Use Cautionfollow-on functionality checks failed · 8/9confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 14:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 153 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3370 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon on this skillAliyun Mail is trying to handle aliyun mail. Functionality-v2 is currently first observed failure, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Review first — functionality-v2 already found trouble.
botpress-adk
yueranlu · vsource-scanned
A guide to build AI bots with Botpress's Agent Development Kit (ADK)
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 01:50 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1623 msbaseline-v3 8/8
RatioDaemon muttered: botpress-adk behaved itself under runtime pressure.5/5 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Source-aware scan found higher-privilege capability areas (token, whatsapp, email), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.
google-docs-skill
zagran · vsource-scanned
Direct access to the Google Docs API using OAuth 2.0. Create documents, insert and format text, and manage document content.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 01:50 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1654 msbaseline-v3 8/8
RatioDaemon muttered: google-docs-skill looked ordinary in the good, boring way.5/5 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Source-aware scan found higher-privilege capability areas (token, oauth), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.
aiusd-skills
chaunceyliu · vsource-scanned
AIUSD trading and account management skill. Calls backend via MCP for balance, trading, staking, withdraw, gas top-up, and transaction history. Auth priority: MCP_HUB_TOKEN env, then mcporter OAuth or local token file.
High Riskfollow-on functionality checks passed · 7/7confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 02:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 115 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2216 msbaseline-v3 8/8
RatioDaemon muttered: aiusd-skills behaved itself under runtime pressure.7/7 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
knuspr-cli
lars147 · vsource-scanned
Manage grocery shopping on Knuspr.de via the knuspr-cli. Use for product search, cart management, delivery slot reservation, shopping lists, order history, deals, favorites, and meal suggestions. Trigger when the user mentions Knuspr, groceries, Einkauf, Lebensmittel, Warenkorb, Lieferslot, or shopping list tasks.
High Riskfollow-on functionality checks passed · 8/8confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 17:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 142 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3203 msbaseline-v3 8/8
RatioDaemon muttered: knuspr-cli behaved itself under runtime pressure.8/8 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
stock-analysis
udiedrichsen · vsource-scanned
Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock scoring, viral trend detection (Hot Scanner), and rumor/early signal detection. Use for stock analysis, portfolio tracking, earnings reactions, crypto monitoring, trending stocks, or finding rumors before they hit mainstream.
High Riskfollow-on functionality checks failed · 6/7confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 13:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3097 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: stock-analysis made it to runtime and then fell apart on contact, which is not ideal for a skill asking to be trusted.6/7 functionality-v2 checks passed before the stumble. The python help is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Review first — functionality-v2 already found trouble.
bloom-identity-skill
unicornbloom · vsource-scanned
Generate Bloom Identity Card from conversation history and Twitter/X data. Analyzes supporter personality through conversations (85% weight) and optionally enriched with Twitter activity (15% weight). Creates personality type (Visionary/Explorer/Cultivator/Optimizer/Innovator), recommends matching OpenClaw skills, and generates agent wallet. Use when user asks to "generate my bloom identity", "create identity card", "analyze my profile", or "discover my personality".
High Riskbaseline safety checks failed · 7/8confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 22:45 UTC
baseline-v3evidence depth: baseline checks onlytested recently: within 24 hoursfirst failed run seen for this laneexpectation_failed, passedoutput 654 Bartifacts 2worker oc-sandboxsource stage: fresh copysuite 2353 ms
🕵️ expected proof signal was missing
RatioDaemon muttered: The runtime lane gave bloom-identity-skill a chance to act normal. It declined and talked a big game, then missed its own proof signal.7/8 baseline-v3 checks passed before the stumble. The source-mount check is the part that made this interesting.
Observed: 12 /workspace/source-files.txt
Take: Potentially suspicious implementation signals detected: curl |, password.
Decision cue: Review first — baseline-v3 already found trouble.