I use Claude Code every day. And every day, I watched it burn tokens on things like git status, docker ps, npm test — commands my shell could answer in milliseconds.
It bothered me enough to build something about it.
The problem
When you're deep in a coding session, you ask Claude a lot of small operational questions. What branch am I on? Are there uncommitted changes? What's running on port 3000?
None of these need a language model. They need a shell. But because they're typed into Claude's input, they become API calls — with input tokens, output tokens, latency, and cost.
Multiply that across a full workday and it adds up fast.
The idea
What if something sat between you and Claude, caught those deterministic commands, ran them locally, and handed the result back — before Claude ever saw them?
That's token-ninja.
When you type a command it recognizes, runs it locally, and returns the result in original colors with a small dimmed footer line showing the save. The model is never invoked. Zero input tokens. Zero output tokens. Everything conversational flows through to Claude untouched.
The install experience
I wanted zero friction. One command, no config, works on the next session.
npm install -g token-ninja
A postinstall hook registers token-ninja as an MCP server in Claude Code, Cursor, and Claude Desktop automatically. Existing configs are preserved. A backup is created before any file is touched. Run ninja uninstall to remove everything.
What I learned building it
A few things surprised me along the way.
Safety is harder than classification. Getting the classifier right took a weekend. Getting the safety layer right — especially evasion tricks like homoglyph attacks, base64-encoded commands, and chained operators — took much longer. I ended up checking safety twice: once on the raw input, once on the resolved command after template expansion.
Natural language is messier than I expected. "Show me recent commits" and "what did we push last" and "list the last 10 commits" all mean the same thing. Building keyword groups that cover real usage patterns without false positives required a lot of iteration and real command fixtures.
Auto-setup is a trust problem. Writing to someone's config files during postinstall is a big ask. I added backups, dry-run mode, and ninja uninstall specifically because I'd want those guarantees myself before trusting any tool that touches my dev environment.
Try it
npm install -g token-ninja
GitHub: https://github.com/oanhduong/token-ninja
It's free and open source. If you use Claude Code daily, give it a try and let me know what commands it misses — that's the fastest way to help.
Top comments (0)