功能描述

Add usage metering and billing telemetry to OpenClaw agents using Drip. Use when you need per-run cost attribution, tool-call usage tracking, and customer-le...

使用说明 (SKILL.md)

Drip OpenClaw Billing

Name: Drip OpenClaw Billing
Author: lucas-309

Instrument OpenClaw agents with Drip for run timelines, tool-call usage metering, and customer-level billing attribution.

Install (copy/paste)

clawhub install drip-openclaw-billing

Use slug only in CLI (drip-openclaw-billing), not owner/slug.

What this gives you

Per-run billing traceability (start_run → events → usage → end_run)
Metered usage by unit (tokens, tool calls, API calls, compute time)
Customer/project-level cost and usage visibility in Drip
Idempotent writes for retry-safe telemetry

Integration paths

Recommended: DRIP_API_KEY with /v1/* endpoints for full billing + telemetry control.
Lightweight: OPENCLAW_IDENTITY_TOKEN with /openclaw/* endpoints.

Security rules

Use least-privilege runtime keys (prefer scoped telemetry key).
Never send raw prompts, raw model outputs, credentials, or PII.
Send sanitized metadata only (hash content fields like queryHash when needed).
Emit stable idempotency keys for all writes.
Validate payload schemas in staging before production rollout.

Quickstart (Node.js)

import { OpenClawBilling } from '@drip-sdk/node/openclaw';

const billing = new OpenClawBilling({
  apiKey: process.env.DRIP_API_KEY,
  customerId: 'cus_123',
  workflowId: process.env.DRIP_WORKFLOW_ID ?? 'wf_openclaw',
});

await billing.withRun({ externalRunId: 'openclaw_req_456' }, async ({ runId }) => {
  await billing.withToolCall({ runId, provider: 'brave', endpoint: '/res/v1/web/search' }, async () => {
    // tool execution
  });
});

Quickstart (Python)

from drip import Drip
import os

client = Drip(api_key=os.environ['DRIP_API_KEY'])
run = client.start_run(customer_id='cus_123', workflow_id='wf_openclaw', external_run_id='openclaw_req_456')
client.emit_event(run_id=run.id, event_type='tool.call', quantity=1, metadata={'provider': 'brave'})
client.track_usage(customer_id='cus_123', meter='brave_api_calls', quantity=1, metadata={'runId': run.id})
client.end_run(run.id, status='COMPLETED')

Load detailed API docs

See references/API.md for:

endpoint shapes
run/event/usage lifecycle
pricing units and rate-limit notes
error handling patterns

安全使用建议

This skill appears to do exactly what it says: send run, event, and usage telemetry to Drip. Before installing: 1) Confirm which metadata is authoritative (the registry summary said 'no required env vars' but SKILL.md/_meta.json list DRIP_API_KEY and others). 2) Use a scoped, least-privilege DRIP_API_KEY (or the lightweight OPENCLAW_IDENTITY_TOKEN) and avoid giving any key that allows full account control. 3) Verify the Drip SDKs referenced in the examples are available in your agent runtime or supply/install them in a controlled way. 4) Validate in staging that the agent never sends raw prompts, model outputs, credentials, or PII (the skill requests this, but enforcement depends on your instrumentation). 5) Review the concrete Drip endpoints you will be posting to (DRIP_BASE_URL) and confirm you trust that service and its retention/processing policies. If you want higher assurance, ask the publisher for the actual SDK/package sources or a link to the Drip API docs/owner homepage before deploying in production.

功能分析

Type: OpenClaw Skill Name: drip-openclaw-billing Version: 1.1.1 The skill is a legitimate telemetry and billing integration for OpenClaw agents using the Drip service (api.drippay.dev). The documentation in SKILL.md and references/API.md explicitly includes security best practices, such as instructions to never send raw prompts, PII, or credentials, and recommends data sanitization and hashing. No malicious code, obfuscation, or unauthorized data exfiltration patterns were identified.

能力评估

ℹ Purpose & Capability

The skill's name and description match the behavior in SKILL.md and references (start_run, events, usage, end_run). Requested credentials (DRIP_API_KEY, OPENCLAW_IDENTITY_TOKEN) and optional DRIP_BASE_URL/DRIP_WORKFLOW_ID are appropriate for a telemetry/billing integration. One minor inconsistency: the registry summary at the top of the package metadata states 'Required env vars: none', while SKILL.md and _meta.json list several env vars — confirm which is authoritative.

✓ Instruction Scope

SKILL.md confines instructions to telemetry operations (start run, emit events, track usage, end run) and explicitly forbids sending raw prompts, outputs, credentials, or PII. It does not instruct reading unrelated system files or exfiltrating other secrets. The Node/Python examples assume existing Drip SDKs but do not include explicit dependency installation or commands to collect extra system context — verify SDK availability on your agent runtime.

ℹ Install Mechanism

This is an instruction-only skill with no install spec or code — low risk because nothing is written to disk by the skill itself. Note: SKILL.md references npm/@drip-sdk and a Python 'drip' package but the skill provides no dependency list or install steps for those SDKs (other than 'clawhub install' - which may be platform-managed). Confirm how the runtime will provide the SDKs before relying on the examples.

✓ Credentials

The only environment/credential requirements (DRIP_API_KEY and alternate OPENCLAW_IDENTITY_TOKEN, plus optional base URL and workflow id) are proportionate to a billing/telemetry integration. All listed env vars are reasonable for the stated purpose. The SKILL.md marks them optional; verify whether your deployment requires them and prefer least-privilege/scoped keys as recommended.

✓ Persistence & Privilege

No elevated privileges requested: always:false, user-invocable:true, and there is no indication the skill modifies other skills or system-wide configs. The skill does not request persistent system presence beyond being invoked by the agent.

版本历史

v1.1.1

Security alignment update: metadata consistency fixes (owner + credential/env declarations), explicit OPENCLAW_IDENTITY_TOKEN naming, tightened privacy contract, and scanner-friendly _meta schema.

v1.1.0

Security-hardened and conversion-focused update: stable credential guidance, explicit install flow, sanitized telemetry rules, concise Node/Python quickstarts, clearer OpenClaw+Drip billing positioning.

v1.0.10

- Adds _meta.json file for enhanced registry and metadata support. - Updates SKILL.md to clarify support for both OpenClaw/ClawHub and standard Drip API usage-based billing. - Expands required and optional environment variables, including OpenClaw-specific options. - Now references both Node.js and Python SDKs, with integration examples for each. - Clearly presents safety and credential handling best practices for both OpenClaw and Drip API usage.

v1.0.9

# drip-openclaw-billing v1.0.9 - Updated security documentation to recommend least-privilege `pk_` keys by default, advising against `sk_` key usage except for admin/server-side flows. - Clarified key type descriptions and credential handling, emphasizing agent/runtime integrations should use only `pk_` keys. - Strengthened warnings about never exposing `sk_` keys to untrusted/insecure environments. - Removed the file `agents/openai.yaml`. - Streamlined and simplified security and key management guidance in documentation.

v1.0.8

drip-openclaw-billing 1.0.8 - Added new agent configuration file at agents/openai.yaml. - No other changes to existing functionality or documentation.

v1.0.7

- Updated API key requirements: now requires a trusted server-side sk_* key (DRIP_API_KEY) and no longer permits pk_* keys for protected APIs. - Clarified runtime trust boundary: never expose DRIP_API_KEY to untrusted agents, browsers, or clients. - Adjusted documentation to emphasize use of sk_live_ or sk_test_ credentials and updated provenance links. - Strengthened security notes, stressing exact package pinning, metadata validation, and SDK provenance checks before production. - Registry/metadata guidance updated: DRIP_API_KEY is always required and stale registry listings must be corrected.

v1.0.6

Added formal metadata blocks declaring license, compatibility, provenance, required credentials, and environment variables.

v1.0.5

SKILL.md instruction set significantly rewritten for clarity, conciseness, and safety emphasis.

v1.0.4

Documentation improved for clarity and detail around security and environment configuration.

v1.0.3

drip-openclaw-billing v1.0.3 changelog - Improved and clarified documentation on key scoping, security practices, and data privacy.

v1.0.2

- Renamed skill to drip-billing with broader usage focus beyond OpenClaw. - Simplified and generalized documentation for tracking AI agent usage, tool calls, LLM tokens, and agent runs. - Changed required credentials to only DRIP_API_KEY and related env vars; removed references to ClawHub/OpenClaw-specific config. - Updated SDK usage examples to standard Drip SDK and removed OpenClaw-specific patterns. - Removed ClawHub/OpenClaw deployment and integration instructions. - Removed agent configuration files: agents/clawhub.yaml and agents/openai.yaml.

v1.0.1

- Clarified required and optional environment variables - Added guidance to ensure `DRIP_BASE_URL` is set to a trusted official Drip API domain. - Introduced a new section on telemetry data minimization, including a list of allowed and prohibited metadata fields. - Stated that provider API keys and secrets are not needed by this billing skill. - Updated deployment contract to emphasize endpoint verification for production use.

v1.0.0

Initial release of Drip OpenClaw Billing Skill. - Enables instrumentation of OpenClaw workloads with Drip run, event, and usage telemetry for traceability and customer billing. - Supports both SDK and raw API integration patterns. - Detailed guidance on required configuration, runtime settings, and workflow for start/end runs, tool events, and billable usage emissions. - Explicit invocation model to prevent unintended charges. - Reference documentation provided for integration and deployment.

元数据

Slug drip-openclaw-billing

版本 1.1.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 13

常见问题