← Back to Skills Marketplace
1vecera

Zai Usage

by Daniel Vecera · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
395
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install zai-usage
Description
Monitor Z.AI GLM Coding Plan usage and quota limits. Track token consumption, view reset times, and check subscription status.
Usage Guidance
This skill is mostly coherent for monitoring Z.AI usage, but review the following before installing: - Verify credential expectations: README and most scripts use ZAI_JWT_TOKEN (a browser session JWT), but scripts/check-usage.sh references ZAI_API_KEY and different guidance. Ask the author or update/remove the mismatched script to ensure you only provide the intended secret. - Treat the JWT as a sensitive credential: copying a token from browser localStorage can grant access to your account. Only store it in a secure file (e.g., ~/.openclaw/secrets/zai.env) with file permissions set to 600 and avoid committing it to git. - Prefer using least-privilege / short-lived credentials where possible. If Z.AI provides an API key mechanism with limited scope or expiration, use that instead of a full session JWT. - Confirm network behavior: the scripts only call https://api.z.ai/api/monitor/usage/quota/limit. If you see any other endpoints in future updates, review them carefully. - If you are uncomfortable extracting tokens from browser storage, contact Z.AI support or check whether they provide an official API key or OAuth flow for monitoring usage. Given the credential-name mismatch and the sensitive nature of the JWT extraction step, proceed only after resolving the inconsistency and ensuring secure handling of the token.
Capability Analysis
Type: OpenClaw Skill Name: zai-usage Version: 1.1.0 The skill bundle is designed to monitor Z.AI usage and quotas. All scripts (`check-usage.sh`, `quick-check.sh`, `usage-summary.sh`) interact with the legitimate `https://api.z.ai` endpoint using a JWT token. The `SKILL.md` and `README.md` files provide clear, non-malicious instructions for setup and usage, explicitly guiding users to store the token securely in `~/.openclaw/secrets/zai.env`. While `scripts/usage-summary.sh` includes a `load_token` function that checks additional, less secure locations (`$SKILL_DIR/.env`, `~/.zai.env`) as fallbacks, this is a minor vulnerability (potential for insecure user choice) rather than malicious intent, as the documentation correctly advises the secure path, and the script does not exploit these locations or exfiltrate data. There is no evidence of data exfiltration, malicious execution, persistence, prompt injection, or obfuscation.
Capability Assessment
Purpose & Capability
The scripts and documentation all target Z.AI usage monitoring and call a single API endpoint (https://api.z.ai/api/monitor/usage/quota/limit), which is consistent with the skill description. However, one script (scripts/check-usage.sh) expects a variable named ZAI_API_KEY and suggests retrieving a key from /dashboard, while the README/SKILL.md and the other scripts use ZAI_JWT_TOKEN taken from browser localStorage. This mismatch is unexplained and unnecessary for the described purpose.
Instruction Scope
Runtime instructions confine activity to reading a locally-stored token and calling the Z.AI API. The SKILL.md explicitly instructs the user to copy a JWT from browser DevTools (localStorage key z-ai-open-platform-token-production) — a sensitive operation but relevant to the stated task. The scripts search multiple local locations for the token (~/.openclaw/secrets/zai.env, SKILL_DIR/.env, ~/.zai.env, environment), which increases convenience but also broadens where the secret may be stored.
Install Mechanism
There is no install spec and no remote downloads. The skill is instruction-only with local shell scripts; nothing in the manifest causes arbitrary code to be fetched or executed at install time.
Credentials
The only secret the skill uses is a bearer token (JWT) for the Z.AI API, which is proportionate for a usage-monitoring tool. However, the aforementioned inconsistency between ZAI_JWT_TOKEN vs ZAI_API_KEY is suspicious: one script requires a differently-named credential and suggests a different retrieval path. Also, the skill instructs the user to extract a session JWT from browser localStorage — this token can grant account access and should be handled carefully. The skill reads secrets from multiple local paths, which is convenient but increases exposure if those files are not secured.
Persistence & Privilege
The skill does not request always:true, does not modify system-wide settings, and does not require any special persistent privileges. It only reads locally stored secrets and calls the Z.AI API.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install zai-usage
  3. After installation, invoke the skill by name or use /zai-usage
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Improved documentation, better error handling, multiple token location support
v1.0.1
Initial release - usage monitoring for Z.AI GLM Coding Plan
v1.0.0
Z.AI Usage Monitor v1.0.0 - Initial release for tracking Z.AI GLM Coding Plan usage and quota. - Monitor 5-hour and monthly token consumption and view reset times. - Check web tool usage, subscription status, and receive visual status icons for current usage. - Provides scripts and setup instructions for quick usage and status checks. - Supports simple, natural language usage queries.
Metadata
Slug zai-usage
Version 1.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Zai Usage?

Monitor Z.AI GLM Coding Plan usage and quota limits. Track token consumption, view reset times, and check subscription status. It is an AI Agent Skill for Claude Code / OpenClaw, with 395 downloads so far.

How do I install Zai Usage?

Run "/install zai-usage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Zai Usage free?

Yes, Zai Usage is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Zai Usage support?

Zai Usage is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Zai Usage?

It is built and maintained by Daniel Vecera (@1vecera); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments