
Agentfinobs

by oc127 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 400
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install agentfinobs
Description
AI Agent Financial Observability — monitor, budget, and analyze spending across any AI agent. Track costs, set budgets, detect anomalies, and export metrics...
README (SKILL.md)

agentfinobs

AI Agent Financial Observability — monitor, budget, and analyze spending across any AI agent.

What it does

  • SpendTracker — Record and settle transactions across any payment rail
  • BudgetManager — Set spending limits with automatic alerts
  • AnomalyDetector — Flag unusual spending patterns
  • MetricsEngine — Track ROI, win rate, burn rate, and runway
  • Dashboard — Built-in HTTP server for live monitoring
  • Exporters — Forward data to JSONL, webhooks, or Prometheus

Usage

from agentfinobs import SpendTracker, BudgetManager, BudgetRule

tracker = SpendTracker(agent_id="my-agent")
budget = BudgetManager(rules=[
    BudgetRule(name="hourly", max_amount=10.0, window_seconds=3600)
])
tracker.add_listener(budget)

tx = tracker.record(amount=2.50, rail="x402_usdc", counterparty="api-provider")
tracker.settle(tx.tx_id, status="confirmed", revenue=5.0)

Install

pip install agentfinobs

Requirements

  • Python 3.10+
Usage Guidance
This skill appears to be what it claims (an on-agent financial observability SDK), but review the following before installing or enabling it:

  • Network exposure: the Dashboard (and Prometheus exporter) start HTTP servers, and the Dashboard example binds to 0.0.0.0 by default. If you run this on a machine with network access, lock it down (bind to localhost, use a firewall, or put it behind an authenticated proxy).
  • Data exfiltration: WebhookExporter will POST every transaction to the configured URL. Only configure trusted endpoints, and avoid embedding sensitive API keys in code or in public repos. Prefer the Console or local Jsonl exporters for testing.
  • Local persistence: transactions are written to JSONL on disk by default. Ensure the persist path is acceptable, has correct permissions, and does not leak to backups or shared volumes.
  • Dependency/runtime: Prometheus and httpx are optional and imported at runtime; installing optional extras will add those dependencies. Review the package on PyPI or its source repository before pip installing, especially since the skill owner/source are not provided in the metadata.
  • Least privilege and isolation: run the tool in an isolated environment (container, VM, or sandbox) until you confirm that configuration and network exposure are safe.

If you want a tighter posture, ask the maintainer (or inspect the SpendTracker/tracker implementation in full) for the defaults used for persistence paths, dashboard host binding, and any automatic exporter defaults; change them to local-only, authenticated, or disabled as appropriate.
Capability Analysis
Type: OpenClaw Skill
Name: agentfinobs
Version: 1.0.0

The skill is classified as suspicious due to multiple high-risk capabilities and vulnerabilities, primarily related to arbitrary file I/O and data exfiltration capabilities. The `agentfinobs/__main__.py` CLI command `status` allows reading from a user-specified JSONL file, which could be exploited for arbitrary file disclosure. The `agentfinobs/tracker.py` and `agentfinobs/exporters.py` (JsonlExporter) allow writing transaction data to user-specified file paths, posing an arbitrary file write vulnerability. Furthermore, the `agentfinobs/exporters.py` (WebhookExporter) provides a direct capability to exfiltrate transaction data (including potentially sensitive descriptions and tags) to any configurable external HTTP endpoint. While these features are intended for legitimate observability and integration, they present significant attack surfaces for prompt injection or misuse, allowing an attacker to read/write arbitrary files or exfiltrate data to malicious destinations if the agent's input can be controlled.
Capability Assessment
Purpose & Capability
Name/description (financial observability across agent payment rails) matches included modules: SpendTracker, BudgetManager, AnomalyDetector, MetricsEngine, Dashboard, Exporters, and a LangChain integration. The package does not request unrelated credentials (it doesn't try to contact Stripe/USDC rails directly); instead it records and exports transaction metadata, which is coherent with the stated purpose.
Instruction Scope
SKILL.md and README instructions show how to create an ObservabilityStack, start the built-in dashboard, and configure exporters. The runtime instructions do not direct the agent to read unrelated system files or secrets. However the docs do not call out security implications: the dashboard binds by default to 0.0.0.0 and exporters can push full transaction data to arbitrary webhook endpoints — both are within the feature set but can expose sensitive financial info if misconfigured.
Install Mechanism
No special install spec in the skill metadata; SKILL.md instructs 'pip install agentfinobs' which is the expected delivery mechanism for a Python SDK. The package files are included (pyproject.toml, source). There are no download-from-random-URL installers or obfuscated install steps in the provided files.
Credentials
The skill declares no required environment variables or credentials, and the code does not hard-code or request unrelated secrets. Exporters accept endpoint URLs/headers but those are optional configuration values rather than required secrets. The lack of requested credentials is proportional to the package's monitoring-only role.
Persistence & Privilege
The stack persists transactions to JSONL (JsonlExporter/SpendTracker) and can start an HTTP server (Dashboard, PrometheusExporter). Default dashboard host is '0.0.0.0' and default ports are used in examples; these defaults may expose financial metrics on all interfaces without authentication. WebhookExporter can transmit every transaction to arbitrary external endpoints. These behaviors are expected for an observability tool but have real operational risk (data exposure/exfiltration) if deployed with default settings or in untrusted environments.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agentfinobs
  3. After installation, invoke the skill by name or use /agentfinobs
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of agentfinobs:

  • Monitor and analyze spending across any AI agent with SpendTracker.
  • Set budgets and receive automatic alerts using BudgetManager.
  • Detect unusual spending patterns with AnomalyDetector.
  • Track ROI, win rate, burn rate, and runway via MetricsEngine.
  • Access a built-in HTTP dashboard for live financial observability.
  • Export metrics to JSONL, webhooks, or Prometheus.
  • Supports multiple payment rails, including x402/USDC, Stripe/ACP, and Polymarket CLOB.
Metadata
Slug agentfinobs
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Agentfinobs?

AI Agent Financial Observability — monitor, budget, and analyze spending across any AI agent. Track costs, set budgets, detect anomalies, and export metrics... It is an AI Agent Skill for Claude Code / OpenClaw, with 400 downloads so far.

How do I install Agentfinobs?

Run "/install agentfinobs" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agentfinobs free?

Yes, Agentfinobs is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agentfinobs support?

Agentfinobs is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Agentfinobs?

It is built and maintained by oc127 (@oc127); the current version is v1.0.0.
