← 返回 Skills 市场
OpenClaw Output Metrics Footer
作者
udaymanish6
· GitHub ↗
· v0.2.1
· MIT-0
80
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-output-metrics-footer
功能描述
Install, configure, maintain, or troubleshoot a compact OpenClaw output footer that shows live context usage, output tokens, Codex quota remaining, model use...
安全使用建议
This extension does what it advertises (adds a metrics footer) but it also reads your OpenClaw auth profile file to extract an OAuth token and sends that token to an external endpoint (chatgpt.com/backend-api/wham/usage) to obtain quota info. Before installing: 1) Inspect the auth-profiles.json contents on your system to confirm what secrets are stored there and whether you are comfortable allowing a plugin to read them. 2) Verify the external endpoint is trustworthy — consider replacing or redirecting the quota call to a provider you control or to an official API (openai.com) if possible. 3) If you want to reduce risk, edit index.ts to (a) remove automatic auth-file reads and require an explicit, limited read-only quota token in the plugin config, or (b) omit quota fetching entirely so tokens never leave the host. 4) Restrict enabledChannels/disabledConversations to non-sensitive channels and test in an isolated environment before deploying to production. 5) Note the metadata omission: the skill does not declare it needs access to auth files/credentials; treat that as a red flag and prefer explicit consent or code changes that make credential usage transparent.
功能分析
Type: OpenClaw Skill
Name: openclaw-output-metrics-footer
Version: 0.2.1
The skill's extension (index.ts) programmatically accesses the OpenClaw credential store at '~/.openclaw/agents/main/agent/auth-profiles.json' to extract OAuth access tokens. While this is used for the stated purpose of fetching usage metrics from 'https://chatgpt.com/backend-api/wham/usage', the direct reading of sensitive authentication files and the use of those tokens in network requests constitutes a high-risk behavior that could be repurposed for data exfiltration.
能力标签
能力评估
Purpose & Capability
The skill's name/description (append an output footer with token/context/quota metrics) matches the code: it listens to llm_output and message_sending and composes a footer. However the code reads the local OpenClaw auth profile file (~/.openclaw/agents/main/agent/auth-profiles.json) to extract an openai-codex OAuth token and uses that token to call https://chatgpt.com/backend-api/wham/usage. Reading the agent auth store and doing an external fetch with a bearer token is not reflected in the skill metadata (no required config paths or credentials), so this access is disproportionate or at least insufficiently disclosed.
Instruction Scope
The SKILL.md/README instructs copying the extension and updating openclaw.json but does not declare that the extension will read the agent auth-profiles.json file or that it will make outbound network calls carrying an OAuth bearer token. The code's behavior (reading local auth store and making quota requests) is outside what the prose explicitly lists as required resources, creating an information gap that could hide sensitive access.
Install Mechanism
No automated install script or remote downloads are used: the extension template is copied locally. This is low-risk from an install-download perspective (no remote arbitrary code fetch).
Credentials
The package declares no required env vars or config paths, yet the code reads the agent auth profile file to extract an access token. Using a bearer token to call an external service (chatgpt.com) is sensitive: while a token is logically needed to fetch quota, the code does not ask the user to opt in or document the specific endpoint in the SKILL.md, and the chosen domain is atypical (not an official openai.com admin endpoint), increasing the risk that a token could be sent to an unexpected service.
Persistence & Privilege
The plugin registers long-lived hooks (llm_output and message_sending) — which is normal — but it also reads other agent configuration (auth-profiles.json). Accessing the agent's credential store means the plugin can observe tokens belonging to the agent; this is a higher privilege than the README/metadata claims and should be treated carefully. The plugin is not 'always:true' and does not modify other skills, but the credential access is notable.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-output-metrics-footer - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-output-metrics-footer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.1
Parse current Codex quota usage windows
v0.2.0
Expand footer support from Discord-only to all OpenClaw text channels
元数据
常见问题
OpenClaw Output Metrics Footer 是什么?
Install, configure, maintain, or troubleshoot a compact OpenClaw output footer that shows live context usage, output tokens, Codex quota remaining, model use... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。
如何安装 OpenClaw Output Metrics Footer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-output-metrics-footer」即可一键安装,无需额外配置。
OpenClaw Output Metrics Footer 是免费的吗?
是的,OpenClaw Output Metrics Footer 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Output Metrics Footer 支持哪些平台?
OpenClaw Output Metrics Footer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Output Metrics Footer?
由 udaymanish6(@udaymanish6)开发并维护,当前版本 v0.2.1。
推荐 Skills