← 返回 Skills 市场

Token Tracker

Name: Token Tracker
Author: mr-lucky

作者 Mr-Lucky · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

105

总下载

当前安装

版本数

在 OpenClaw 中安装

/install my-token-tracker

功能描述

监控 OpenAI/其他模型 Token 消耗，支持每日/每周账单推送和超额警报

安全使用建议

What to consider before installing: - Privacy: the hook reads ~/.openclaw/sessions/*.json and logs event.context to stdout; those logs (gateway logs) can contain conversation text and other sensitive metadata. If you run this skill, protect gateway logs and review what session status files contain. - External delivery: cron-config uses Telegram as a delivery channel. Ensure any automated report/alert destination is configured by you and that tokens/credentials for Telegram are not supplied to an untrusted skill. If you don't want automatic external delivery, do not install the cron jobs or set delivery to a safe internal channel. - Review and test in isolation: run the skill in a non-production user/account first to confirm it only records the intended fields. Inspect usage_records.json and config.json for stored data and remove/secure them as needed. - Code quality: the Node hook contains a coding bug (uses 'await import("fs")' inside a non-async function), and the hook prints full context — consider fixing the code to only extract token counts and model names and to avoid logging entire context. The Python script appears to work but uses a simplified timezone handling and will create files under ~/.openclaw/workspace/skills/token-tracker. - Trust and provenance: the skill has no homepage and an unknown source. If you do not trust the author, prefer manual inspection, run in an isolated environment, or avoid enabling the hook/cron features. - Operational: HOOK.md indicates Node is required. If you install the hook, ensure Node runs with expected module semantics (ESM) and that OpenClaw's hook registry will not forward sensitive data elsewhere.

功能分析

Type: OpenClaw Skill Name: my-token-tracker Version: 1.0.0 The TokenTracker skill bundle is a legitimate utility designed to monitor and report LLM token usage within the OpenClaw environment. It consists of a Python script for data management, a Node.js hook (handler.js) for intercepting session events to log usage, and cron configurations for automated reporting. Analysis of the code shows no evidence of data exfiltration, unauthorized network access, or malicious prompt injection; all data processing occurs locally within the user's home directory (~/.openclaw). While the cron-config.json contains hardcoded Windows file paths (C:\Users\admin) and the hook contains futuristic model placeholders (e.g., GPT-5.4), these appear to be developer artifacts or configuration flaws rather than indicators of malicious intent.

能力评估

✓ Purpose & Capability

Name/description match the provided files: a Python tracker, a Node hook that logs per-session token usage, install script to copy files into ~/.openclaw, and cron examples for scheduled reports — all are coherent with a token-tracking skill.

⚠ Instruction Scope

The hook reads OpenClaw session status files (~/.openclaw/sessions/*.json) and logs event.context (JSON.stringify) to stdout; session status/context can contain full conversation content and other sensitive metadata, so logs or the created usage_records.json may expose sensitive data. The SKILL.md and cron-config instruct automated report delivery via Telegram (external channel) which can leak billing/usage info if not configured carefully. The Hook also falls back to estimating tokens from event.context; that indicates the hook will parse context fields beyond just token counters.

✓ Install Mechanism

No external downloads or extract steps; post-install.sh simply copies files into ~/.openclaw and creates a data directory. This is low-risk from supply-chain perspective, but it requires filesystem write access to the home OpenClaw directories.

ℹ Credentials

The skill declares no required env vars or credentials, which is consistent. However: HOOK.md requires Node (reasonable), and cron-config references delivery via Telegram without declaring Telegram credentials (expected to be provided by the platform). The absence of declared credentials is not necessarily malicious, but you should confirm where outgoing messages will be delivered and that Telegram/other channel config is under your control.

✓ Persistence & Privilege

always:false and no attempt to modify other skills or system-wide configs. The post-install script enables the hook via the openclaw CLI if available and creates files under ~/.openclaw — behavior is scoped to the skill's own directories.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install my-token-tracker
安装完成后，直接呼叫该 Skill 的名称或使用 /my-token-tracker 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release with comprehensive token monitoring and reporting features: - Supports real-time querying of token usage and cost for OpenAI/other models. - Automatic daily and weekly bill reports at scheduled times. - Hourly quota check with threshold alert notifications. - Optional hook to auto-log token usage after each session. - Flexible configuration: models, pricing, thresholds, and time zone. - Command-line tools for querying, reporting, threshold checks, and manual data entry. - Installs easily with provided scripts and supports scheduled tasks.

元数据

Slug my-token-tracker

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Token Tracker 是什么？

监控 OpenAI/其他模型 Token 消耗，支持每日/每周账单推送和超额警报. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 105 次。

如何安装 Token Tracker？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install my-token-tracker」即可一键安装，无需额外配置。

Token Tracker 是免费的吗？

是的，Token Tracker 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Token Tracker 支持哪些平台？

Token Tracker 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Token Tracker？

由 Mr-Lucky（@mr-lucky）开发并维护，当前版本 v1.0.0。