shinertx

Vibe Billing Scan

by shinertx · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 131 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install vibe-billing-scan
Description
Scan your OpenClaw logs to identify costly runs, sessions, retry storms, and looped tool calls driving your API bill higher, with no signup needed.
Usage Guidance
This skill tells you to run an npx command that will download and execute a remote npm package, and offers an optional 'setup' that installs a proxy. Before running it:
  1. Review the npm package source (or the package maintainer and repo); do not run it if you can't find the code.
  2. Avoid running `npx vibe-billing setup` until you inspect what it installs and where it listens.
  3. Run the scan in an isolated/test environment or container and monitor network traffic to see if data is sent off-host.
  4. Check the landing page and npm package owner reputation.
  5. Prefer skills that include code or an explicit vetted install artifact, or ask the publisher for the package repository/commit hash you can audit.
If you need help auditing the npm package URL or its source, provide the package name or repo and I can help review it.
Capability Analysis
Type: OpenClaw Skill
Name: vibe-billing-scan
Version: 1.0.0
The skill encourages the use of `npx vibe-billing scan` and `npx vibe-billing setup` to analyze API costs. The 'setup' command is particularly concerning because it installs a local API proxy, which creates a high-risk Man-in-the-Middle (MITM) position capable of intercepting sensitive API keys and request data. While the stated purpose is cost management, the combination of remote code execution via `npx` and the instruction in `SKILL.md` to install traffic-intercepting infrastructure warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The stated purpose (scan local OpenClaw logs and proxy data) aligns with requiring a Node-based CLI (npx/vibe-billing). However the registry metadata you provided lists no required binaries while the SKILL.md header declares bins: [node, npx] — that mismatch is an inconsistency. Requesting node/npx is reasonable for a CLI tool, but the skill delegates execution to a remote npm package rather than shipping inspectable code.
Instruction Scope
Runtime instructions tell the user to run `npx vibe-billing scan` and optionally `npx vibe-billing setup` which installs a proxy. The SKILL.md does not limit which local files or paths will be read; a CLI run with npx can inspect arbitrary local logs, environment variables, and network traffic. The 'setup' step implies installing a persistent proxy that could intercept API requests and secrets — this is scope creep relative to an instruction-only skill and raises privacy/credential exposure concerns.
Install Mechanism
There is no bundled code or install spec; the skill relies on npx to pull and execute code from the npm registry at runtime. Executing unreviewed remote code via npx is a higher-risk install mechanism because it runs code fetched from the network on your machine. The homepage (https://api.jockeyvc.com) is an external endpoint but no package source or repository is included for review.
Credentials
The skill declares no required env vars or credentials, but the functionality (scanning logs and installing a proxy) typically needs access to logs and may encounter API keys or session tokens. The lack of declared environment requirements is therefore surprising and reduces transparency — the tool could still read sensitive environment variables or config files once executed.
Persistence & Privilege
always is false (good), but the optional `npx vibe-billing setup` implies installing a proxy for ongoing monitoring, which creates persistent system presence outside the agent. Because the skill is instruction-only and provides no inspectable code, that persistence would be opaque and potentially broad in privilege.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vibe-billing-scan
  3. After installation, invoke the skill by name or use /vibe-billing-scan
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of vibe-billing-scan.
- Scans OpenClaw API usage to identify high-cost runs, sessions, or retry storms.
- Detects expensive retry loops, large context windows, and repeated tool calls.
- Provides a spend summary and detailed breakdown of where your API bill is going.
- Requires no signup; runs locally with one terminal command.
- Includes optional setup for ongoing monitoring.
Metadata
Slug vibe-billing-scan
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Vibe Billing Scan?

Scan your OpenClaw logs to identify costly runs, sessions, retry storms, and looped tool calls driving your API bill higher, with no signup needed. It is an AI Agent Skill for Claude Code / OpenClaw, with 131 downloads so far.

How do I install Vibe Billing Scan?

Run "/install vibe-billing-scan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Vibe Billing Scan free?

Yes, Vibe Billing Scan is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Vibe Billing Scan support?

Vibe Billing Scan is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Vibe Billing Scan?

It is built and maintained by shinertx (@shinertx); the current version is v1.0.0.
