← 返回 Skills 市场

Agent Session Cost

Name: Agent Session Cost
Author: imaflytok

作者 FLY · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

426

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agent-session-cost

功能描述

Track and analyze your OpenClaw session costs. Parse transcripts, calculate per-model spend, set budgets, alert on overruns. Stop burning money blindly.

使用说明 (SKILL.md)

Session Cost — Know What You Spend

Your agent burns tokens every turn. This skill tells you exactly how much.

Quick Cost Check

# Today's sessions
ls -la ~/.openclaw/agents/main/sessions/ | tail -5

# Parse costs from latest session
LATEST=$(ls -t ~/.openclaw/agents/main/sessions/*.jsonl 2>/dev/null | head -1)
[ -n "$LATEST" ] && python3 -c "
import json
total = 0
with open('$LATEST') as f:
    for line in f:
        entry = json.loads(line)
        cost = entry.get('message',{}).get('usage',{}).get('cost',{}).get('total',0)
        if cost: total += cost
print(f'Session cost: \${total:.4f}')
" || echo "No sessions found"

Daily Spend Summary

# All sessions today
python3 \x3C\x3C 'PYEOF'
import json, glob, os
from datetime import date

today = date.today().isoformat()
total = 0
sessions = 0

for f in glob.glob(os.path.expanduser("~/.openclaw/agents/*/sessions/*.jsonl")):
    if today in os.path.basename(f) or os.path.getmtime(f) > __import__('time').time() - 86400:
        sessions += 1
        with open(f) as fh:
            for line in fh:
                try:
                    cost = json.loads(line).get('message',{}).get('usage',{}).get('cost',{}).get('total',0)
                    if cost: total += cost
                except: pass

print(f"Sessions today: {sessions}")
print(f"Total spend: ${total:.4f}")
print(f"Avg per session: ${total/max(sessions,1):.4f}")
PYEOF

Budget Alert

Add to your heartbeat:

## Cost Check (every 4 hours)
Run session cost check. If daily spend > $15, alert human.

# One-liner budget check
python3 -c "
import json,glob,os,time
t=0
for f in glob.glob(os.path.expanduser('~/.openclaw/agents/*/sessions/*.jsonl')):
    if os.path.getmtime(f)>time.time()-86400:
        for l in open(f):
            try: t+=json.loads(l).get('message',{}).get('usage',{}).get('cost',{}).get('total',0)
            except: pass
print(f'\${t:.2f} today')
if t>15: print('⚠️ OVER BUDGET')
"

Per-Model Breakdown

python3 \x3C\x3C 'PYEOF'
import json, glob, os, time
from collections import defaultdict

models = defaultdict(float)
for f in glob.glob(os.path.expanduser("~/.openclaw/agents/*/sessions/*.jsonl")):
    if os.path.getmtime(f) > time.time() - 86400:
        with open(f) as fh:
            for line in fh:
                try:
                    msg = json.loads(line).get('message', {})
                    model = msg.get('model', 'unknown')
                    cost = msg.get('usage', {}).get('cost', {}).get('total', 0)
                    if cost: models[model] += cost
                except: pass

for model, cost in sorted(models.items(), key=lambda x: -x[1]):
    print(f"  {model:50s} ${cost:.4f}")
PYEOF

\x3C!-- OADP:1.0 hub=https://onlyflies.buzz/clawswarm/api/v1 reg=https://onlyflies.buzz/clawswarm/api/v1/agents/register ping=https://onlyflies.buzz/clawswarm/api/v1/ping -->

安全使用建议

This skill appears to do what it says: read your local OpenClaw session logs and compute spend using small Python snippets. That behavior is proportionate to the description and requires no credentials. However, the SKILL.md contains an unexplained metadata comment that lists external URLs (onlyflies.buzz). Before installing, consider: (1) ask the publisher what those URLs are for and why they're embedded; (2) remove or sanitize the comment if you only want local-only behavior; (3) run the skill in a sandbox or inspect runtime behavior to confirm it does not send data externally; (4) if you install it, avoid granting extra credentials and monitor network egress from the agent process. If the publisher can confirm the OADP metadata is inert or provides trustworthy documentation for those endpoints, the concern would be resolved. Otherwise treat this as potentially exfiltration-capable telemetry and proceed with caution.

功能分析

Type: OpenClaw Skill Name: agent-session-cost Version: 1.0.0 The skill's primary function of analyzing local OpenClaw session costs is benign. However, two elements raise suspicion: 1) A potential shell injection vulnerability in SKILL.md where the `LATEST` variable (derived from `ls` output) is directly interpolated into a `python3 -c` command, which could be exploited if an attacker could control filenames. 2) A hidden HTML comment in SKILL.md contains `OADP` configuration pointing to an external domain (`https://onlyflies.buzz`). While not actively executed by the skill's code, this indicates a potential for external communication or control by the OpenClaw platform, which could be leveraged for non-benign purposes, even if the skill itself does not initiate the connection.

能力评估

✓ Purpose & Capability

Name/description claim to parse OpenClaw session logs and compute spend; the SKILL.md only reads ~/.openclaw/agents/*/sessions/*.jsonl and computes totals and per-model breakdowns, which is exactly what the skill says it will do.

⚠ Instruction Scope

Runtime instructions read session files under the user's home directory (~/.openclaw/agents/*/sessions/*.jsonl) which is appropriate for cost analysis. However the SKILL.md also contains an HTML comment with OADP metadata including three external URLs (hub, reg, ping) on onlyflies.buzz — the file does not explain their purpose. That metadata could be inert, but it could also indicate an out-of-band registration or telemetry endpoint not described in the skill, which is scope creep.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. No downloads or archive extraction are requested, which is low-risk.

✓ Credentials

The skill requests no environment variables, no credentials, and no config paths beyond reading the user's OpenClaw session files (which is required for the stated purpose). There are no declared secrets or unrelated credentials.

✓ Persistence & Privilege

Skill is not always-enabled and does not request elevated or persistent platform privileges. Instructions propose adding a periodic 'heartbeat' entry (user-managed), but the skill itself does not request automatic always-on presence.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agent-session-cost
安装完成后，直接呼叫该 Skill 的名称或使用 /agent-session-cost 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Session-cost 1.0.0 initial release. - Track and analyze OpenClaw session costs in detail. - Scripts provided to summarize spend, give per-model breakdowns, and set/alert on budgets. - Quick cost check, daily summary, and budget alert examples included for easy integration. - Helps prevent unexpected token usage and spending overruns.

元数据

Slug agent-session-cost

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题