Agentfinobs

Author: oc127 · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 400
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install agentfinobs
Description
AI Agent Financial Observability — monitor, budget, and analyze spending across any AI agent. Track costs, set budgets, detect anomalies, and export metrics...
Usage instructions (SKILL.md)

agentfinobs

AI Agent Financial Observability — monitor, budget, and analyze spending across any AI agent.

What it does

  • SpendTracker — Record and settle transactions across any payment rail
  • BudgetManager — Set spending limits with automatic alerts
  • AnomalyDetector — Flag unusual spending patterns
  • MetricsEngine — Track ROI, win rate, burn rate, and runway
  • Dashboard — Built-in HTTP server for live monitoring
  • Exporters — Forward data to JSONL, webhooks, or Prometheus

Usage

from agentfinobs import SpendTracker, BudgetManager, BudgetRule

tracker = SpendTracker(agent_id="my-agent")
budget = BudgetManager(rules=[
    BudgetRule(name="hourly", max_amount=10.0, window_seconds=3600)
])
tracker.add_listener(budget)

tx = tracker.record(amount=2.50, rail="x402_usdc", counterparty="api-provider")
tracker.settle(tx.tx_id, status="confirmed", revenue=5.0)

Install

pip install agentfinobs

Requirements

  • Python 3.10+
Security usage recommendations
This skill appears to be what it claims (an on-agent financial observability SDK), but review the following before installing or enabling it:
  • Network exposure: the Dashboard (and Prometheus exporter) start HTTP servers, and the Dashboard example binds to 0.0.0.0 by default. If you run this on a machine with network access, lock it down (bind to localhost, use a firewall, or put it behind an authenticated proxy).
  • Data exfiltration: WebhookExporter will POST every transaction to the configured URL. Only configure trusted endpoints and avoid embedding sensitive API keys in code or in public repos. Prefer the Console or local Jsonl exporters for testing.
  • Local persistence: transactions are written to JSONL on disk by default. Ensure the persist path is acceptable, has correct permissions, and does not leak to backups or shared volumes.
  • Dependency/runtime: Prometheus and httpx are optional and imported at runtime; installing optional extras will add those dependencies. Review the package on PyPI or its source repository before pip installing, especially since the skill owner/source are not provided in the metadata.
  • Least privilege and isolation: run the tool in an isolated environment (container, VM, or sandbox) until you confirm configuration and network exposure are safe.
If you want a tighter posture, ask the maintainer (or inspect the SpendTracker/tracker implementation in full) for the defaults used for persistence paths, dashboard host binding, and any automatic exporter defaults; change them to local-only, authenticated, or disabled as appropriate.
Functional analysis
Type: OpenClaw Skill
Name: agentfinobs
Version: 1.0.0
The skill is classified as suspicious due to multiple high-risk capabilities and vulnerabilities, primarily related to arbitrary file I/O and data exfiltration capabilities. The `agentfinobs/__main__.py` CLI command `status` allows reading from a user-specified JSONL file, which could be exploited for arbitrary file disclosure. The `agentfinobs/tracker.py` and `agentfinobs/exporters.py` (JsonlExporter) allow writing transaction data to user-specified file paths, posing an arbitrary file write vulnerability. Furthermore, the `agentfinobs/exporters.py` (WebhookExporter) provides a direct capability to exfiltrate transaction data (including potentially sensitive descriptions and tags) to any configurable external HTTP endpoint. While these features are intended for legitimate observability and integration, they present significant attack surfaces for prompt injection or misuse, allowing an attacker to read/write arbitrary files or exfiltrate data to malicious destinations if the agent's input can be controlled.
Capability assessment
Purpose & Capability
Name/description (financial observability across agent payment rails) matches included modules: SpendTracker, BudgetManager, AnomalyDetector, MetricsEngine, Dashboard, Exporters, and a LangChain integration. The package does not request unrelated credentials (it doesn't try to contact Stripe/USDC rails directly); instead it records and exports transaction metadata, which is coherent with the stated purpose.
Instruction Scope
SKILL.md and README instructions show how to create an ObservabilityStack, start the built-in dashboard, and configure exporters. The runtime instructions do not direct the agent to read unrelated system files or secrets. However the docs do not call out security implications: the dashboard binds by default to 0.0.0.0 and exporters can push full transaction data to arbitrary webhook endpoints — both are within the feature set but can expose sensitive financial info if misconfigured.
Install Mechanism
No special install spec in the skill metadata; SKILL.md instructs 'pip install agentfinobs' which is the expected delivery mechanism for a Python SDK. The package files are included (pyproject.toml, source). There are no download-from-random-URL installers or obfuscated install steps in the provided files.
Credentials
The skill declares no required environment variables or credentials, and the code does not hard-code or request unrelated secrets. Exporters accept endpoint URLs/headers but those are optional configuration values rather than required secrets. The lack of requested credentials is proportional to the package's monitoring-only role.
Persistence & Privilege
The stack persists transactions to JSONL (JsonlExporter/SpendTracker) and can start an HTTP server (Dashboard, PrometheusExporter). Default dashboard host is '0.0.0.0' and default ports are used in examples; these defaults may expose financial metrics on all interfaces without authentication. WebhookExporter can transmit every transaction to arbitrary external endpoints. These behaviors are expected for an observability tool but have real operational risk (data exposure/exfiltration) if deployed with default settings or in untrusted environments.
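How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install agentfinobs
  3. Once installation completes, invoke the Skill by name or trigger it with /agentfinobs
  4. Provide the necessary input according to the Skill's parameter description to get structured output
Version history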
v1.0.0
Initial release of agentfinobs:
  • Monitor and analyze spending across any AI agent with SpendTracker.
  • Set budgets and receive automatic alerts using BudgetManager.
  • Detect unusual spending patterns with AnomalyDetector.
  • Track ROI, win rate, burn rate, and runway via MetricsEngine.
  • Access a built-in HTTP dashboard for live financial observability.
  • Export metrics to JSONL, webhooks, or Prometheus.
  • Supports multiple payment rails, including x402/USDC, Stripe/ACP, and Polymarket CLOB.
Metadata
Slug agentfinobs
Version 1.0.0
License
Total installs 0
Current installs 0
Number of versions 1
FAQ

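What is Agentfinobs?

AI Agent Financial Observability — monitor, budget, and analyze spending across any AI agent. Track costs, set budgets, detect anomalies, and export metrics... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 400 total downloads so far.

How do I install Agentfinobs?

Run the command "/install agentfinobs" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Agentfinobs free?

Yes, Agentfinobs is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Agentfinobs support?

Agentfinobs is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Agentfinobs?

Developed and maintained by oc127 (@oc127); the current version is v1.0.0.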
