← 返回 Skills 市场
openclaw-tally
作者
Jonathan Jing
· GitHub ↗
· v0.3.1
452
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install openclaw-tally
功能描述
Tokens tell you how much you paid. Tasks tell you what you got. Tally tracks every OpenClaw task from start to finish — cost, complexity, and efficiency score.
安全使用建议
This skill appears coherent and local-only: it needs node/npm and will run npm install (including a native build for better-sqlite3) and write a SQLite DB at ~/.openclaw/tally/tally.db. Before installing: 1) be prepared to run native builds (Node >=18) or install prebuilt binaries for better-sqlite3 on your platform; 2) if you require absolute assurance that no message content is stored, audit any code paths that might populate intent_summary/outcome_summary (currently detector returns empty summaries); 3) consider running it in a test user account or VM to verify behavior and DB location; and 4) review the GitHub repo (package.json points to https://github.com/JonathanJing/openclaw-tally) if you want source provenance. Minor notes: src/index.js exports VERSION '0.1.0' while package/skill metadata are 0.3.1 (version mismatch only).
功能分析
Type: OpenClaw Skill
Name: openclaw-tally
Version: 0.3.1
The OpenClaw Tally skill is classified as benign. The code and documentation consistently declare and enforce strict security boundaries, including no network access, no arbitrary `exec` permissions, and sandboxed filesystem writes limited to `~/.openclaw/tally/`. All database interactions in `src/ledger.js` use prepared statements, effectively preventing SQL injection. Path validation in `src/ledger.js` explicitly restricts database file creation to allowed directories, mitigating arbitrary file write vulnerabilities. The `SKILL.md` and `README.md` are straightforward documentation without any prompt injection attempts against the agent. While `better-sqlite3` is a native dependency, it is a legitimate and widely used library for SQLite in Node.js, and its use does not indicate malicious intent within this skill.
能力评估
Purpose & Capability
The code, package.json, skill.json, and SKILL.md all implement a local task-detection, ledger, and analytics system. Required binaries (node/npm) and the native sqlite dependency (better-sqlite3) are expected for this purpose. No unexpected credentials, network access, or unrelated binaries are requested.
Instruction Scope
SKILL.md says the skill registers a message-post hook and processes every message's text but stores only metadata. The code contains task detector, ledger, and analytics logic and does not persist raw message bodies. There is a small surface to note: the DB includes intent_summary and outcome_summary fields (strings) — the current detector returns empty summaries, but future changes could populate those fields with snippets. Confirm intent_summary/outcome_summary behavior if you want guarantees that no message text is ever persisted.
Install Mechanism
No install spec in registry, but the package contains package.json and package-lock.json; installation uses standard npm which will fetch dependencies from npmjs.org (including better-sqlite3). This is expected for a Node skill. The SKILL.md explicitly warns about the native build step. No downloads from untrusted URLs or extract-from-arbitrary-host steps were found.
Credentials
The skill requires no environment variables or external credentials. File system access is limited to ~/.openclaw/tally/ (and tests allow /tmp). package.json/repo metadata points to a GitHub repo — not a secret or unrelated service. Overall requested environment access is proportional to the stated purpose.
Persistence & Privilege
The skill is not always-on and does not request elevated privileges. skill.json declares filesystem write/read only under ~/.openclaw/tally/, network: none, and exec: false. The code enforces a hardcoded default DB path within the user homedir and validates custom paths to /tmp; no modifications to other skills or system configs were observed.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-tally - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-tally触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.1
Added simplified installation instructions to SKILL.md and README.md.
v0.3.0
v0.3.0: Fix DB-path validation gap (now enforced for ALL paths, not just default), add runtime:node declaration, declare native dep (node/npm) in metadata requires
v0.2.0
Fix privacy mismatch: detector no longer stores message text; dbPath now respected for test isolation; SKILL.md privacy section corrected
v0.1.0
Initial release: task-level cost analytics for OpenClaw. Track task boundaries, compute TES (Task Efficiency Score), and understand what your AI actually costs per task.
元数据
常见问题
openclaw-tally 是什么?
Tokens tell you how much you paid. Tasks tell you what you got. Tally tracks every OpenClaw task from start to finish — cost, complexity, and efficiency score. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 452 次。
如何安装 openclaw-tally?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-tally」即可一键安装,无需额外配置。
openclaw-tally 是免费的吗?
是的,openclaw-tally 完全免费(开源免费),可自由下载、安装和使用。
openclaw-tally 支持哪些平台?
openclaw-tally 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 openclaw-tally?
由 Jonathan Jing(@jonathanjing)开发并维护,当前版本 v0.3.1。
推荐 Skills