gblockchainnetwork

OpenClaw Cost Auditor

Author: Goroni · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1206
Favorites: 0
Current installs: 7
Versions: 1
Install in OpenClaw
/install openclaw-cost-auditor
Description
Track and report OpenClaw API usage, model costs, token consumption, and forecast spending with optimization recommendations.
Security usage recommendations
This skill appears to be a simple log parser that sums 'tokens: N' entries and estimates cost. Before installing:
  1. Confirm whether the author intends the advertised API integrations and, if so, require explicit API credentials and documented endpoints.
  2. Be aware the script reads /var/log/openclaw by default; run it with an explicit, non-privileged path first and inspect logs for sensitive content.
  3. Ask for the missing files the SKILL.md references (templates/report.md, CLI wrapper) or run the script manually in a sandbox to verify behavior.
  4. If you plan to allow autonomous invocation, restrict the skill's file-read permissions and ensure it cannot access unrelated system logs or secrets.
  5. If you need networked metric aggregation, prefer an implementation that clearly requests and documents required credentials and safe transmission endpoints.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-cost-auditor
Version: 1.0.0
The `scripts/audit.py` file is vulnerable to arbitrary file reading due to its direct use of `sys.argv[1]` for the `log_dir` without any input validation or sanitization. An attacker could potentially exploit this by providing a path to sensitive directories (e.g., `/etc`, `~/.ssh`) via prompt injection to the OpenClaw agent, leading to information disclosure. While the script itself does not exfiltrate data or exhibit other malicious behaviors, this vulnerability represents a significant security risk.
Capability assessment
Purpose & Capability
The name/description (audit OpenClaw usage, query API metrics, forecast billing) mostly matches the included log-parsing script which sums token counts from logs. However the SKILL.md also advertises integrations with Grok/xAI API and 'custom providers' and features like PDF reports/templates, yet there are no API calls, no templates included, and no environment variables or credentials declared. That mismatch is unexplained.
Instruction Scope
The runtime script reads files under /var/log/openclaw (or a provided path) and parses all '*.log' entries for 'tokens: N'. Reading system logs is consistent with auditing but can expose sensitive information; SKILL.md gives no guidance about limiting scope, filtering PII, or where reports are stored/transmitted. The SKILL.md's Quick Start example implies a CLI invocation that isn't provided as an installed binary.
Install Mechanism
There is no install spec (instruction-only) and only a small Python script is included. This is low risk from an install vector perspective — nothing is downloaded from external URLs and no packages are installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a pure log parser. However the documentation's claim of querying external APIs implies it should request API keys/credentials — the absence of any declared secrets is an inconsistency that should be explained.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or agent-wide config.
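How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-cost-auditor
  3. After installation, call the Skill by name or trigger it with /openclaw-cost-auditor
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history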
v1.0.0
v1 launch: Track API/costs for agents.
Metadata
Slug openclaw-cost-auditor
Version 1.0.0
License
Total installs 8
Current installs 7
Historical versions 1
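FAQ

What is OpenClaw Cost Auditor?

Track and report OpenClaw API usage, model costs, token consumption, and forecast spending with optimization recommendations. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1206 total downloads to date.

How do I install OpenClaw Cost Auditor?

Run the command "/install openclaw-cost-auditor" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is OpenClaw Cost Auditor free?

Yes, OpenClaw Cost Auditor is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does OpenClaw Cost Auditor support?

OpenClaw Cost Auditor runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops OpenClaw Cost Auditor?

Developed and maintained by Goroni (@gblockchainnetwork); the current version is v1.0.0.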
