← Back to Skills Marketplace
openclaw-tally
by
Jonathan Jing
· GitHub ↗
· v0.3.1
452
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install openclaw-tally
Description
Tokens tell you how much you paid. Tasks tell you what you got. Tally tracks every OpenClaw task from start to finish — cost, complexity, and efficiency score.
Usage Guidance
This skill appears coherent and local-only: it needs node/npm and will run npm install (including a native build for better-sqlite3) and write a SQLite DB at ~/.openclaw/tally/tally.db. Before installing: 1) be prepared to run native builds (Node >=18) or install prebuilt binaries for better-sqlite3 on your platform; 2) if you require absolute assurance that no message content is stored, audit any code paths that might populate intent_summary/outcome_summary (currently detector returns empty summaries); 3) consider running it in a test user account or VM to verify behavior and DB location; and 4) review the GitHub repo (package.json points to https://github.com/JonathanJing/openclaw-tally) if you want source provenance. Minor notes: src/index.js exports VERSION '0.1.0' while package/skill metadata are 0.3.1 (version mismatch only).
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-tally
Version: 0.3.1
The OpenClaw Tally skill is classified as benign. The code and documentation consistently declare and enforce strict security boundaries, including no network access, no arbitrary `exec` permissions, and sandboxed filesystem writes limited to `~/.openclaw/tally/`. All database interactions in `src/ledger.js` use prepared statements, effectively preventing SQL injection. Path validation in `src/ledger.js` explicitly restricts database file creation to allowed directories, mitigating arbitrary file write vulnerabilities. The `SKILL.md` and `README.md` are straightforward documentation without any prompt injection attempts against the agent. While `better-sqlite3` is a native dependency, it is a legitimate and widely used library for SQLite in Node.js, and its use does not indicate malicious intent within this skill.
Capability Assessment
Purpose & Capability
The code, package.json, skill.json, and SKILL.md all implement a local task-detection, ledger, and analytics system. Required binaries (node/npm) and the native sqlite dependency (better-sqlite3) are expected for this purpose. No unexpected credentials, network access, or unrelated binaries are requested.
Instruction Scope
SKILL.md says the skill registers a message-post hook and processes every message's text but stores only metadata. The code contains task detector, ledger, and analytics logic and does not persist raw message bodies. There is a small surface to note: the DB includes intent_summary and outcome_summary fields (strings) — the current detector returns empty summaries, but future changes could populate those fields with snippets. Confirm intent_summary/outcome_summary behavior if you want guarantees that no message text is ever persisted.
Install Mechanism
No install spec in registry, but the package contains package.json and package-lock.json; installation uses standard npm which will fetch dependencies from npmjs.org (including better-sqlite3). This is expected for a Node skill. The SKILL.md explicitly warns about the native build step. No downloads from untrusted URLs or extract-from-arbitrary-host steps were found.
Credentials
The skill requires no environment variables or external credentials. File system access is limited to ~/.openclaw/tally/ (and tests allow /tmp). package.json/repo metadata points to a GitHub repo — not a secret or unrelated service. Overall requested environment access is proportional to the stated purpose.
Persistence & Privilege
The skill is not always-on and does not request elevated privileges. skill.json declares filesystem write/read only under ~/.openclaw/tally/, network: none, and exec: false. The code enforces a hardcoded default DB path within the user homedir and validates custom paths to /tmp; no modifications to other skills or system configs were observed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-tally - After installation, invoke the skill by name or use
/openclaw-tally - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.1
Added simplified installation instructions to SKILL.md and README.md.
v0.3.0
v0.3.0: Fix DB-path validation gap (now enforced for ALL paths, not just default), add runtime:node declaration, declare native dep (node/npm) in metadata requires
v0.2.0
Fix privacy mismatch: detector no longer stores message text; dbPath now respected for test isolation; SKILL.md privacy section corrected
v0.1.0
Initial release: task-level cost analytics for OpenClaw. Track task boundaries, compute TES (Task Efficiency Score), and understand what your AI actually costs per task.
Metadata
Frequently Asked Questions
What is openclaw-tally?
Tokens tell you how much you paid. Tasks tell you what you got. Tally tracks every OpenClaw task from start to finish — cost, complexity, and efficiency score. It is an AI Agent Skill for Claude Code / OpenClaw, with 452 downloads so far.
How do I install openclaw-tally?
Run "/install openclaw-tally" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is openclaw-tally free?
Yes, openclaw-tally is completely free (open-source). You can download, install and use it at no cost.
Which platforms does openclaw-tally support?
openclaw-tally is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created openclaw-tally?
It is built and maintained by Jonathan Jing (@jonathanjing); the current version is v0.3.1.
More Skills