Downloads: 1206
Stars: 0
Active Installs: 7
Versions: 1
Install in OpenClaw
/install openclaw-cost-auditor
Description
Track and report OpenClaw API usage, model costs, token consumption, and forecast spending with optimization recommendations.
Usage Guidance
This skill appears to be a simple log parser that sums 'tokens: N' entries and estimates cost. Before installing:
1) Confirm whether the author intends the advertised API integrations and, if so, require explicit API credentials and documented endpoints.
2) Be aware the script reads /var/log/openclaw by default. Run it with an explicit, non-privileged path first and inspect logs for sensitive content.
3) Ask for the missing files the SKILL.md references (templates/report.md, CLI wrapper) or run the script manually in a sandbox to verify behavior.
4) If you plan to allow autonomous invocation, restrict the skill's file-read permissions and ensure it cannot access unrelated system logs or secrets.
5) If you need networked metric aggregation, prefer an implementation that clearly requests and documents required credentials and safe transmission endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-cost-auditor
Version: 1.0.0
The `scripts/audit.py` file is vulnerable to arbitrary file reading due to its direct use of `sys.argv[1]` for the `log_dir` without any input validation or sanitization. An attacker could potentially exploit this by providing a path to sensitive directories (e.g., `/etc`, `~/.ssh`) via prompt injection to the OpenClaw agent, leading to information disclosure. While the script itself does not exfiltrate data or exhibit other malicious behaviors, this vulnerability represents a significant security risk.
Capability Assessment
Purpose & Capability
The name/description (audit OpenClaw usage, query API metrics, forecast billing) mostly matches the included log-parsing script which sums token counts from logs. However the SKILL.md also advertises integrations with Grok/xAI API and 'custom providers' and features like PDF reports/templates, yet there are no API calls, no templates included, and no environment variables or credentials declared. That mismatch is unexplained.
Instruction Scope
The runtime script reads files under /var/log/openclaw (or a provided path) and parses all '*.log' entries for 'tokens: N'. Reading system logs is consistent with auditing but can expose sensitive information; SKILL.md gives no guidance about limiting scope, filtering PII, or where reports are stored/transmitted. The SKILL.md's Quick Start example implies a CLI invocation that isn't provided as an installed binary.
Install Mechanism
There is no install spec (instruction-only) and only a small Python script is included. This is low risk from an install vector perspective — nothing is downloaded from external URLs and no packages are installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a pure log parser. However the documentation's claim of querying external APIs implies it should request API keys/credentials — the absence of any declared secrets is an inconsistency that should be explained.
Persistence & Privilege
`always` is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or agent-wide config.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openclaw-cost-auditor
- After installation, invoke the skill by name or use /openclaw-cost-auditor
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
v1 launch: Track API/costs for agents.
Frequently Asked Questions
What is OpenClaw Cost Auditor?
Track and report OpenClaw API usage, model costs, token consumption, and forecast spending with optimization recommendations. It is an AI Agent Skill for Claude Code / OpenClaw, with 1206 downloads so far.
How do I install OpenClaw Cost Auditor?
Run "/install openclaw-cost-auditor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Cost Auditor free?
Yes, OpenClaw Cost Auditor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Cost Auditor support?
OpenClaw Cost Auditor is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created OpenClaw Cost Auditor?
It is built and maintained by Goroni (@gblockchainnetwork); the current version is v1.0.0.