← Back to Skills Marketplace
TrustMeImWorking
by
PENG TIANHAO
· GitHub ↗
· v1.0.0
· MIT-0
72
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install trustmeimworking
Description
Automatically consume your AI API token quota on a schedule so your usage metrics always look healthy. Supports work-simulation, spread, and immediate modes...
Usage Guidance
This project implements exactly what it claims — a background daemon that makes frequent LLM API calls to consume tokens. Before installing, consider:
- Ethical/legal: It intentionally falsifies usage metrics; using it may violate workplace policies or local law.
- Secrets risk: The tool stores your API key in config.json and supports mTLS key files and a jwt_helper shell command. jwt_helper runs arbitrary shell commands before each run and could leak secrets if you point it at an untrusted script; mTLS requires supplying a private key file path which, if readable by others, is sensitive. Only use these features on machines you fully control.
- Gateway URL: You can set a custom base_url; ensure it points to a trusted endpoint. A malicious relay could capture your API key and requests.
- Persistence: The daemon and optional scheduler make the behavior long-lived. If you stop using it, remove scheduled jobs and delete stored keys.
Practical recommendations: review the repository locally before running; keep config.json permissions tight; do not supply jwt_helper commands you didn't author; do not point base_url to unknown third-party relays; avoid using company credentials if this would violate policy. If you want to proceed safely, run with --dry-run first and inspect logs, and consider using a disposable/low-privilege API key.
Capability Analysis
Type: OpenClaw Skill
Name: trustmeimworking
Version: 1.0.0
The 'trust-me-im-working' skill bundle is designed to artificially inflate AI API usage metrics by automating LLM calls to 'pad' KPIs. It is classified as suspicious due to high-risk capabilities that provide a significant attack surface: specifically, the 'jwt_helper' feature in 'trustmework/engine.py' executes arbitrary user-provided shell commands via 'subprocess.run(shell=True)', and 'trustmework/scheduler.py' contains logic to modify the user's crontab for persistence. While these features are documented as part of its 'work-simulation' daemon functionality, the combination of arbitrary command execution, persistence, and the handling of sensitive API keys makes it high-risk, although no clear evidence of intentional data exfiltration to a third party was found.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description, required binaries (python), and Python dependencies (openai, requests, rich) match the stated goal of making periodic API calls and showing a dashboard. The code files implement wizard, daemon, scheduler, engine and platform presets consistent with the description.
Instruction Scope
SKILL.md and the wizard instruct the user to store an API key in a local config.json and to optionally configure base_url, extra headers, HTTP proxy, JWT helper, and mTLS cert/key paths. The instructions do not ask the agent to read unrelated system files, but the runtime code will (optionally) execute a user-provided shell command (jwt_helper) and read user-supplied certificate/private key file paths — both are beyond simple API calling and grant access to local secrets if configured.
Install Mechanism
Install spec declares only standard Python packages (openai, requests, rich) via package manager; no downloads from arbitrary URLs or extract operations are present. This is proportionate to the tool's functionality.
Credentials
No environment variables are required by the registry metadata; the tool accepts an API key via config.json (expected). Optional features (jwt_helper, mtls_cert/mtls_key paths, extra_headers) legitimately support enterprise gateways, but they permit executing arbitrary shell commands and reading local private keys — powerful capabilities that can expose secrets if misused.
Persistence & Privilege
The skill runs as a persistent background daemon and can install legacy scheduler entries (crontab). Persistent background execution is consistent with the purpose (continuous token consumption) but increases blast radius if misconfigured. 'always' is false and the skill does not request privileged platform-level system modifications beyond creating config/log and scheduling itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install trustmeimworking - After installation, invoke the skill by name or use
/trustmeimworking - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of trust-me-im-working.
- Automates scheduled AI API token usage to maintain healthy usage metrics.
- Supports work-simulation, spread, and immediate consumption modes.
- Provides an interactive setup wizard for easy configuration.
- Real-time dashboard shows token consumption and session activity.
- Compatible with multiple LLM platforms and OpenAI-compatible endpoints.
Metadata
Frequently Asked Questions
What is TrustMeImWorking?
Automatically consume your AI API token quota on a schedule so your usage metrics always look healthy. Supports work-simulation, spread, and immediate modes... It is an AI Agent Skill for Claude Code / OpenClaw, with 72 downloads so far.
How do I install TrustMeImWorking?
Run "/install trustmeimworking" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TrustMeImWorking free?
Yes, TrustMeImWorking is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TrustMeImWorking support?
TrustMeImWorking is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TrustMeImWorking?
It is built and maintained by PENG TIANHAO (@pengtianhao48-lab); the current version is v1.0.0.
More Skills