← Back to Skills Marketplace
cheenu1092-oss

tokenmeter

by cheenu1092-oss · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
1546
Downloads
0
Stars
3
Active Installs
2
Versions
Install in OpenClaw
/install tokenmeter
Description
Track AI token usage and costs across providers. Import sessions, view dashboard, costs breakdown, and compare Max plan savings.
Usage Guidance
What to consider before installing/running this skill: - Review the repository before auto-install: SKILL.md instructs the bot to git clone a remote repo and pip install it into a venv. That will execute code downloaded from the network. Verify the repo URL and contents (note the SKILL.md clone URL differs from pyproject.toml metadata). - Prefer manual installation: instead of letting the agent run the clone/install automatically, run the steps yourself in a controlled environment (or an isolated VM/container) so you can inspect code and dependencies first. - Expect local files to be read/written: tokenmeter reads session JSONL files (e.g., ~/.clawdbot/agents/*/sessions/*.jsonl and ~/.claude/projects/*/sessions/), writes DB at ~/.tokenmeter/usage.db, and creates a venv at ~/clawd/tokenmeter/. This is normal for the stated purpose but be comfortable with those paths being accessed. - Environment keys will be probed if you run fetch: the tool scans for common provider API keys and may call provider APIs. If your runtime has provider API keys in environment variables, the skill may use them to query usage. If you don't want that, remove keys from the environment or avoid the fetch command. - Watch for proxy/webhook features: README mentions proxy and webhook integration — these could forward data externally if configured. If you plan to use proxy features, verify where data is sent and ensure you trust the endpoint. - If uncertain, inspect the following files first: fetcher.py (env scanning and HTTP calls), importer.py (parsing local session files), and any files that implement proxy/webhook behavior. Check for hard-coded external endpoints or telemetry logic. If you review the code and trust the source, the skill is coherent for its purpose. If you cannot verify the repo, treat the automatic install/execute behavior as a risk and avoid auto-running the install steps.
Capability Analysis
Type: OpenClaw Skill Name: tokenmeter Version: 0.1.1 The skill is classified as suspicious due to high-risk capabilities, even though they align with the stated purpose. The `SKILL.md` instructs the AI agent to `git clone` a remote repository (`https://github.com/jugaad-lab/tokenmeter.git`) for installation, which is a remote code execution vector. Additionally, the `tokenmeter/fetcher.py` module reads sensitive API keys from environment variables (e.g., `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`) and uses them to make network calls to external LLM provider APIs to fetch usage data. While these actions are necessary for the skill's functionality, they represent significant access and execution privileges.
Capability Assessment
Purpose & Capability
The name/description (track tokens and costs locally) align with the code: a CLI that reads session JSONL files, writes a local SQLite DB, computes costs, and can optionally call provider APIs. Minor inconsistency: SKILL.md clones https://github.com/jugaad-lab/tokenmeter.git while pyproject.toml points to https://github.com/yajatns/tokenmeter — this mismatch of source/homepage is unexplained and worth verifying.
Instruction Scope
SKILL.md instructs the agent to clone the repo, create/activate a venv, pip install the package, read session JSONL files (e.g., ~/.clawdbot/agents/*/sessions/*.jsonl, ~/.claude/projects/*/sessions/), and run tokenmeter commands. Those steps are within the stated goal (import local sessions and compute costs). The skill will also scan env vars for provider API keys and may call provider usage endpoints — this is within scope for the fetch feature but means it will access environment secrets if present.
Install Mechanism
There is no registry install spec; SKILL.md instructs cloning a GitHub repo and running pip install -e inside a newly created venv. That causes remote code to be downloaded and executed locally. While GitHub is a common source, the clone URL in SKILL.md (jugaad-lab) doesn't match the repository URLs in pyproject (yajatns). Automatic cloning + pip install from an external repository increases risk and should be reviewed manually before running.
Credentials
The code optionally scans environment variables for API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY/OPENAI_KEY, GOOGLE_API_KEY/GEMINI_API_KEY, AZURE_OPENAI_API_KEY) which is proportional to the fetch capability (pulling usage from provider APIs). The skill does not declare required env vars because these are optional. No unrelated credentials or extra secrets are requested in the manifest. Make sure you understand which keys are present in the agent's runtime environment before permitting fetch operations.
Persistence & Privilege
The skill writes to ~/.tokenmeter/usage.db, creates a venv under ~/clawd/tokenmeter, and stores import checkpoint metadata under ~/.tokenmeter/import-state.json — these are expected for persistent local tracking. always:false (not force-installed) and normal autonomous invocation are in effect. The combination of autonomous invocation plus the ability to auto-clone/install remote code and scan env vars raises the blast radius if you permit the agent to run the install automatically.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tokenmeter
  3. After installation, invoke the skill by name or use /tokenmeter
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Tagged electron-essential, updated README with ClawHub install
v0.1.0
v0.1.0: AI token usage tracking — import from OpenClaw/Claude Code, incremental imports, dashboard
Metadata
Slug tokenmeter
Version 0.1.1
License
All-time Installs 3
Active Installs 3
Total Versions 2
Frequently Asked Questions

What is tokenmeter?

Track AI token usage and costs across providers. Import sessions, view dashboard, costs breakdown, and compare Max plan savings. It is an AI Agent Skill for Claude Code / OpenClaw, with 1546 downloads so far.

How do I install tokenmeter?

Run "/install tokenmeter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is tokenmeter free?

Yes, tokenmeter is completely free (open-source). You can download, install and use it at no cost.

Which platforms does tokenmeter support?

tokenmeter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created tokenmeter?

It is built and maintained by cheenu1092-oss (@cheenu1092-oss); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments