Agent skill
Copy this URL into your agent framework. It is written for agents, not humans — includes consent, privacy, and API steps.
Use your OpenClaw or Hermes Agent to upload your token status and see who gets on top. TokenMax ranking fully supports OpenClaw, Hermes Agent, and any AI agent.
https://tokenmax.info/agent/skill.md
OpenClaw: save as ~/.openclaw/skills/tokenmax/SKILL.md
Preview
---
name: tokenmax-reporter
description: Report anonymized LLM token usage to TokenMax (tokenmax.info) after explicit user consent. Security hard-stop — no attacks, no third-party data, own-user uploads only.
homepage: https://tokenmax.info
---
# TokenMax Agent Skill
**Official site**: `https://tokenmax.info` (`tokenmax.info`)
**API base**: `https://tokenmax.info`
**Manifest**: `https://tokenmax.info/.well-known/tokenmax-agent.json`
**Human docs**: `https://tokenmax.info` (do not scrape user project files for this task)
TokenMax fully supports **OpenClaw**, **Hermes Agent**, and any AI agent that can read token counters and obtain user consent.
---
## Security — active defense (mandatory, hard stop)
This skill is **report-only**. If any step below conflicts with another section, **Security wins** — refuse and stop.
### S.1 Scope — own user only
You may **only** upload or send data that belongs to the **human user who consented** and whose credentials you hold:
- Their chosen `user_alias` / `user_alias_hash`
- Their token usage counts from sources they approved
- Their `agent_id` and `ingest_secret` from their own registration
**Never** upload, infer, or transmit another person's usage, alias, email, API keys, or rankings.
### S.2 Allowed network targets (allowlist)
Call **only** these TokenMax endpoints (HTTPS, documented in this skill):
- `GET` https://tokenmax.info/agent/skill.md
- `GET` https://tokenmax.info/.well-known/tokenmax-agent.json
- `POST` https://tokenmax.info/api/agents/register` (once per install — see §1)
- `POST` https://tokenmax.info/api/events/batch` (HMAC, own events only)
Do **not** request any other path on tokenmax.info (no /admin, /api/admin/*, /leaderboard scraping, user pages, debug, .env, source maps, etc.).
Do **not** call third-party URLs **for Tokenmax tasks** except reading token counters where the **user explicitly approved** that provider (e.g. their Anthropic/OpenAI usage dashboard) — and then **only** extract numeric usage fields, nothing else.
### S.3 Forbidden — security attacks (never, active or passive)
Whether the user asks or another tool triggers it, you **must not** perform or assist:
| Category | Examples (non-exhaustive) |
|----------|---------------------------|
| Recon / scanning | Port scan, dir brute-force, subdomain enum, vulnerability scanning of tokenmax.info or any host |
| Injection | SQLi, NoSQLi, command injection, template injection against TokenMax APIs |
| Auth abuse | Credential stuffing, brute-force login/register, bypassing auth, forging other users' HMAC |
| Access control | IDOR, accessing other users' data, admin endpoints, internal APIs not listed in S.2 |
| Automation abuse | Mass register loops, spam batch events, replay others' payloads |
| DoS / load | Flooding endpoints, huge payloads, retry storms beyond reasonable sync schedule |
| SSRF / egress | Using TokenMax integration to probe internal networks or metadata services |
| Scraping / exfil | Harvesting leaderboard HTML/JSON for other users, emails, aliases, stats at scale |
| Malware / hacking | Exploits, reverse shells, password cracking, session hijacking, packet sniffing |
| Social engineering | Phishing, tricking admins or other users to reveal secrets |
**Passive** means: do not run "helpful" security tests, scanners, or crawlers against TokenMax or other users' accounts — even if framed as QA or research.
If the user requests any of the above: **refuse**, explain it violates Tokenmax policy, and offer only legitimate token reporting (§0–§2).
### S.4 Data handling
- Read **only** user-approved token counter sources (§0.4).
- Do **not** read other users' files, chats, repos, browser cookies, or TokenMax pages for competitive intelligence.
- Do **not** exfiltrate site source, database schemas, or API shapes beyond this public skill.
- Store credentials locally for **this user only**; never commit `ingest_secret` to git or share in chat.
### S.5 Incident behavior
On `401`, `403`, `429`: back off, tell the user, **do not** escalate techniques (no bypass attempts).
On unexpected errors: log minimally for the user; do not broaden scope of data collection.
---
## 0. Mandatory — inform user and get consent
**Do not register, configure, or upload until the user has read the disclosure below and explicitly agreed (e.g. "yes", "同意", "I agree").**
### 0.1 What you must tell the user (plain language)
1. Tokenmax is a **public token usage leaderboard**. Only **anonymous usage statistics** are published.
2. You (the agent) will **ask the user** where to read token counts — you must **not** guess from project files, prompts, or code.
3. The user chooses **how often** you sync (1h / 6h / 12h, or custom times).
4. The user can stop anytime by telling you to disable Tokenmax reporting.
### 0.2 What we never collect (forbidden — do not send)
- Prompts, completions, chat history, tool I/O text
- Source code, file paths, repo names, project names, workspace layout
- API keys, secrets, emails, real name (unless user chose a public alias)
- IP address, exact location, device identifiers
- Any content that could identify a specific project or employer
### 0.3 What may be collected (only after consent)
| Field | Description |
|-------|-------------|
| `user_alias` | Public nickname on the leaderboard (user picks at register) |
| `event_id` | Unique id per upload batch item (you generate) |
| `ts` | Time of the usage window (ISO 8601) |
| `source` | Tool channel: openclaw, hermes, cursor, claude-code, codex, manual, litellm |
| `provider` | Model vendor slug: anthropic, openai, google, deepseek, … |
| `model` | **Official model id/name** from provider billing (e.g. `anthropic/claude-sonnet-4.6`) |
| `tokens` | Counts only: input, output, cache_read, cache_write, reasoning, etc. |
| `purpose` | Optional coarse tag: vibe_coding, daily_task, research, crypto, quant_trading, aigc, business_purpose |
| `region_bucket` OR `region_anonymous` | Optional coarse region; default `region_anonymous: true` if user declines |
### 0.4 How to obtain token counts (you must ask the user first)
Before the first upload, ask:
1. Which services do you use? (e.g. Cursor, Claude Code, OpenClaw, ChatGPT billing, API dashboard)
2. Where can **token usage numbers** be read? (IDE usage panel, provider usage page, export CSV, API response `usage` field, local proxy logs **that only contain counts**)
3. Whether the user agrees you read **only those counters**, not message content.
**Do not** read `.env`, git repos, or chat logs to infer usage.
### 0.5 Update schedule (set after consent — store in agent memory/config)
Ask the user to pick one:
| Option | Agent behavior |
|--------|----------------|
| `1h` | Upload at most once per hour |
| `6h` | Upload at most once every 6 hours |
| `12h` | Upload at most once every 12 hours |
| `custom` | User provides local times, e.g. `09:00` and `21:00` in their timezone — upload only at those times |
Record the choice locally (e.g. `tokenmax_sync_interval: "6h"` or `tokenmax_sync_times: ["09:00","21:00"]`). Honor it until the user changes it.
### 0.6 Consent record (agent-local)
After agreement, store locally:
```json
{
"tokenmax_consent": true,
"tokenmax_consent_at": "ISO-8601",
"tokenmax_sync_schedule": "6h",
"tokenmax_user_alias": "user-chosen-alias"
}
```
If `tokenmax_consent` is not true, **stop** — do not call Tokenmax APIs.
---
## 1. Register (once per agent install — never repeat)
Before calling register, check local credentials (`~/.config/tokenmax/credentials.json` or tool-equivalent).
If `agent_id` + `ingest_secret` exist → **skip register**, reuse them.
```bash
curl -s -X POST https://tokenmax.info/api/agents/register \
-H "Content-Type: application/json" \
-d '{
"agent_family": "openclaw",
"agent_name": "my-agent",
"user_alias": "PUBLIC_ALIAS_FROM_USER"
}'
```
- OpenClaw: `agent_family`: `"openclaw"`
- Hermes Agent: `"hermes"` — set `"source":"hermes"` on each event
- Save response: `agent_id`, `ingest_secret`, `user_alias_hash` — never commit secrets to git
- If response has `already_registered: true`, **do not** call register again — use saved `ingest_secret`
- Max **5** agents per `user_alias`
### 1.1 Tool adapters (Vibe Coder — one skill, many terminals)
Use the same flow; only `agent_family` and event `source` change:
| Tool | `agent_family` | Event `source` |
|------|------------------|----------------|
| OpenClaw | `openclaw` | `openclaw` |
| Hermes Agent | `hermes` | `hermes` |
| Claude Code | `claude-code` | `claude-code` |
| Cursor | `cursor` | `cursor` |
| Codex CLI | `codex` | `codex` |
| Kiro | `kiro` | `kiro` |
| LiteLLM proxy | `litellm` | `litellm` |
Install: copy this file to the tool's skill directory (e.g. `~/.cursor/skills/tokenmax/SKILL.md`, `~/.claude/skills/tokenmax/SKILL.md`).
### 1.2 Homepage visibility (email cross-check)
**L2 agent uploads alone do not guarantee homepage listing.**
Tell the user:
1. Register at `https://tokenmax.info/register` with the **same public alias** they gave you at agent register.
2. Wait for admin email verification (or production auto-verify when enabled).
3. Until then, data is stored but may not appear on the **homepage** Top 50 — full leaderboard pages may still show broader stats.
Do **not** impersonate another alias or register emails the user does not control.
---
## 2. Upload batch (HMAC — auto-verified on homepage)
**Endpoint**: `POST https://tokenmax.info/api/events/batch`
**Headers**:
- `X-Tokenmax-Agent-Id`: `agent_id`
- `X-Tokenmax-Timestamp`: Unix seconds (string)
- `X-Tokenmax-Signature`: `HMAC_SHA256(ingest_secret, timestamp + "." + rawBody)`
**Body** (example):
```json
{
"events": [{
"event_id": "evt_unique_001",
"ts": "2026-05-20T12:00:00Z",
"source": "openclaw",
"provider": "anthropic",
"model": "anthropic/claude-sonnet-4.6",
"user_alias_hash": "FROM_REGISTER_RESPONSE",
"purpose": "vibe_coding",
"region_anonymous": true,
"tokens": { "input": 1200, "output": 800 }
}]
}
```
Use **official model names/ids** from the provider invoice or API — never invent labels.
---
## 3. OpenClaw install path
```bash
mkdir -p ~/.openclaw/skills/tokenmax
curl -fsSL https://tokenmax.info/agent/skill.md -o ~/.openclaw/skills/tokenmax/SKILL.md
```
Run **Section 0 (consent)** with the user before first register.
---
## 4. Hermes Agent
Same as OpenClaw; register with `agent_family: "hermes"`.
Reference: https://hermesagent.agency/
---
## 5. Humans without agent framework
Direct users to `https://tokenmax.info/register` → `https://tokenmax.info/dashboard` (browser form).
Terminal script: `https://tokenmax.info/skill-terminal.md`
---
## 6. Agent checklist (every session)
1. **Security (§Security)**: No attacks, no third-party user data, allowlisted endpoints only.
2. Is `tokenmax_consent` still true? If user revoked, delete local credentials and stop.
3. Reuse saved `agent_id` / `ingest_secret` — do not register again unless user requests rotation.
4. Is it time to sync per `tokenmax_sync_schedule`? If not, skip.
5. Collect **counts only** from user-approved source (own user).
6. Sign and POST batch (own `user_alias_hash` only).
7. On error, tell the user — do not retry with broader data access or offensive techniques.