← 返回 Skills 市场
OpenClaw Usage Dashboard
作者
vanhuelsing
· GitHub ↗
· v2.0.2
· MIT-0
419
总下载
0
收藏
1
当前安装
5
版本数
在 OpenClaw 中安装
/install openclaw-usage-dashboard
功能描述
Interactive local dashboard for OpenClaw API usage. Shows token consumption, request counts, and system health across all configured LLM models — broken down...
安全使用建议
This skill appears to do what it says: run a local Node server that reads ~/.openclaw/agents/*/sessions/*.jsonl and shows usage metrics on http://localhost:PORT. Before installing/running: (1) Inspect server.js yourself (it is bundled) to verify you are comfortable with the file I/O and the fixed system commands it runs; (2) Run it unprivileged (your normal user), not as root/admin; (3) Confirm the server binds only to localhost (SKILL.md and code default to 127.0.0.1) or explicitly pass --host 127.0.0.1; (4) If you are concerned about secrets in logs, either review a few session files manually or run the server in a sandbox to confirm no raw secrets are exposed; (5) Because the server uses execSync for system health commands, make sure your platform's commands are safe and that the machine is otherwise secure. If you need additional assurance, you can run node server.js in an isolated environment and monitor outbound network activity to confirm nothing leaves your machine.
功能分析
Type: OpenClaw Skill
Name: openclaw-usage-dashboard
Version: 2.0.2
The bundle provides a local Node.js dashboard for monitoring OpenClaw token usage and system health by parsing session logs in the `~/.openclaw` directory. The implementation in `server.js` includes several security best practices, such as regex-based redaction of API keys (e.g., Anthropic and OpenAI tokens), a memory budget for log parsing, and a restrictive Content Security Policy (CSP) for the web interface. System information is gathered using hardcoded shell commands (e.g., `vm_stat`, `df`, `powershell`) without user-input interpolation, and the server is restricted to `localhost`. The included `AUDIT.md` further documents a self-correction process for minor security and functional issues, reinforcing the tool's legitimate purpose.
能力评估
Purpose & Capability
Name/description claim a local dashboard that reads OpenClaw session logs; the package includes server.js and dashboard.html that read ~/.openclaw/agents/*/sessions/*.jsonl and compute aggregates (tokens, request counts, system health). No unrelated credentials or services are requested.
Instruction Scope
SKILL.md instructs running node server.js and opening localhost. server.js reads only local session log files and exposes aggregated metrics; it does not embed instructions to read unrelated system state or exfiltrate data. The server does run a small set of fixed system commands (vm_stat, df, powershell, openclaw version, and platform openers) for system-health fields, which matches the 'system health' feature described.
Install Mechanism
No install spec is provided (instruction-only install), and the README/SKILL.md explicitly tell the user to run node server.js. No third-party packages or remote downloads are required. Code is included in the skill bundle so nothing needs to be fetched from external URLs at install time.
Credentials
The skill requests no environment variables or credentials. The server contains explicit sanitization patterns and an audit claiming it redacts secrets and does not return raw message content. The few operations that could surface sensitive text (parsing toolResult text) are used only to extract numeric rate-limit headers, not to expose raw responses.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and binds to localhost by default. It opens a local HTTP server and may auto-open the user's browser; it does not modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-usage-dashboard - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-usage-dashboard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.2
Security fix: patch shell injection vulnerability. --open flag and df disk check now use spawn/spawnSync with array args (no shell). All execSync calls are hardcoded strings with zero variable interpolation.
v2.0.1
Security transparency: document child_process usage in source and README. All shell calls are fixed system commands (vm_stat, df, powershell, openclaw version) — no user input interpolation, all timeouts set, all wrapped in try/catch.
v2.0.0
v2.0 — Complete rewrite. Multi-model timeline with Models/Agents/Both toggle, model cards sorted by usage, agent activity heatmap, token efficiency metrics, system health (RAM VM-aware on macOS), period selector Hour/Day/Week/Month/Year. Cross-platform macOS/Linux/Windows. Zero dependencies, Node.js 18+. Security audit by Opus: XSS fix, CSP tightened, Intel Mac page size fix, Windows PowerShell fallback.
v1.0.1
Security fixes: removed unused subprocess import, added output path sanitization (VirusTotal scan feedback)
v1.0.0
Initial release — multi-provider usage dashboard with SVG charts, budget tracking, CSV export, demo mode
元数据
常见问题
OpenClaw Usage Dashboard 是什么?
Interactive local dashboard for OpenClaw API usage. Shows token consumption, request counts, and system health across all configured LLM models — broken down... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 419 次。
如何安装 OpenClaw Usage Dashboard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-usage-dashboard」即可一键安装,无需额外配置。
OpenClaw Usage Dashboard 是免费的吗?
是的,OpenClaw Usage Dashboard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Usage Dashboard 支持哪些平台?
OpenClaw Usage Dashboard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Usage Dashboard?
由 vanhuelsing(@vanhuelsing)开发并维护,当前版本 v2.0.2。
推荐 Skills