← Back to Skills Marketplace
Token Burn Monitor
by
Kaspar Chen
· GitHub ↗
· v5.3.1
· MIT-0
511
Downloads
0
Stars
4
Active Installs
5
Versions
Install in OpenClaw
/install token-burn-monitor
Description
Real-time token consumption monitoring dashboard for OpenClaw agents. Tracks per-agent token usage, cost breakdown by model, cache hit rates, cron job status...
Usage Guidance
This package is coherent for running a local token/cost dashboard, but consider the following before installing: (1) session JSONL files may contain sensitive user prompts — keep showPrompts disabled (default) unless you explicitly trust the machine and purpose; (2) inspect any custom themes you add before enabling them (themes are served to localhost and could display or fetch data if modified); (3) verify you have a trusted Node.js runtime and run it on a machine where local-only access is acceptable; (4) the published source/homepage are unknown in the registry metadata — if provenance matters, obtain the repository or author contact and verify integrity before production use.
Capability Analysis
Type: OpenClaw Skill
Name: token-burn-monitor
Version: 5.3.1
The token-burn-monitor skill is a legitimate utility for tracking token usage and costs across OpenClaw agents. The code (server.js) and instructions (SKILL.md) align with the stated purpose, implementing several security best practices such as binding the server to 127.0.0.1, enforcing a strict Content Security Policy (CSP) to prevent data exfiltration from the browser, and redacting user prompts by default. It operates with zero external dependencies and includes path traversal protections for its theme-based static file serving.
Capability Assessment
Purpose & Capability
Name/description promise (per-agent token/cost/cron monitoring) matches the code and SKILL.md: server.js scans an agents directory for session JSONL files, reads a cron jobs file, computes token/cost stats and serves a localhost-only dashboard. Declared filesystem reads (agents sessions and cron jobs) are expected for this purpose.
Instruction Scope
SKILL.md and server.js limit activity to local reads, serving a localhost-only GET API and static theme files. Important privacy note: session files can include user prompts; prompts are redacted by default but will be returned (up to 300 chars) if SHOW_PROMPTS or config.showPrompts is enabled. The instructions do not attempt to read unrelated system files or make outbound network requests.
Install Mechanism
No install spec; packaged as node scripts with start.sh/setup.sh. start.sh uses nohup node server.js and writes a PID/log to /tmp. No external downloads or package installs are performed by the provided scripts. Requires a Node.js runtime already present (documented).
Credentials
The skill does not request environment secrets and only references OPENCLAW_AGENTS_DIR, OPENCLAW_HOME and PORT (all appropriate for discovering sessions and cron data). The only sensitive data access is reading session JSONL files (explicit and justified by the dashboard purpose); the SKILL.md documents redaction behavior and opt-in for showing prompts.
Persistence & Privilege
The skill is not always-enabled and uses normal service scripts (start/stop) that affect only its own process and PID file; it does not modify other skills or global agent settings. Autonomous invocation (model invocation) is allowed by platform default but not combined with other concerning privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install token-burn-monitor - After installation, invoke the skill by name or use
/token-burn-monitor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v5.3.1
v5.3.1: Align all documentation — remove stale CORS claims from API.md, declare env vars and permissions in SKILL.md, default theme uses system fonts (zero external requests), CSP tightened to self-only.
v5.3.0
v5.3: Eliminated child_process and CORS entirely. Cron data read from filesystem. Server only imports http/fs/path. GET-only, localhost-bound, CSP-protected.
v5.2.0
v5.2: Hardened security — replaced execSync with execFileSync, added CSP headers, path traversal guard, prompts redacted by default.
v5.1.0
v5.1: Security fixes — sanitize shell inputs, bind to localhost only, restrict CORS, truncate user prompts by default.
v5.0.0
v5.0: Modular architecture with swappable themes and stable API layer.
Metadata
Frequently Asked Questions
What is Token Burn Monitor?
Real-time token consumption monitoring dashboard for OpenClaw agents. Tracks per-agent token usage, cost breakdown by model, cache hit rates, cron job status... It is an AI Agent Skill for Claude Code / OpenClaw, with 511 downloads so far.
How do I install Token Burn Monitor?
Run "/install token-burn-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Token Burn Monitor free?
Yes, Token Burn Monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Token Burn Monitor support?
Token Burn Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Token Burn Monitor?
It is built and maintained by Kaspar Chen (@kasparchen); the current version is v5.3.1.
More Skills