johndemic

Revenium Budget Enforcement

By revenium.ai · GitHub ↗ · v0.5.7 · MIT-0
cross-platform ⚠ suspicious
484 total downloads
1 favorite
1 current installs
39 versions
Install in OpenClaw
/install revenium
Description
MANDATORY budget check BEFORE EVERY OPERATION — read budget-status.json first, always, no exceptions. Enforces token spend limits, warns on threshold exceeda...
Safe usage advice
This skill appears to implement the budget/usage reporting it advertises, but it requires significant platform changes and host access that create real privacy and privilege risks. Before installing:
- Verify the source/trustworthiness of the revenium/tap Homebrew formula and the Revenium service.
- Carefully review post-install changes (openclaw.json, exec-approvals.json) — do not allow automatic edits without inspection. The post-install will bind-mount your ~/.config/revenium into agent sandboxes (read-only) and set dangerouslyAllowExternalBindSources, which lets agents read host-stored API keys.
- Understand that the reporter will send user inputs, assistant outputs, and system prompts to Revenium — if you cannot share that data, do not install.
- If you want to try it safely: run post-install manually on a test/external machine or in a throwaway account, inspect cron/script behavior, and avoid enabling autoAllowSkills or dangerous bind flags; alternatively, configure the revenium CLI credentials on a dedicated account or use explicit environment variables with minimal scope.
- If you're uncertain, contact the vendor or review the repository upstream; do not blindly accept the post-install prompts that change sandbox security policies.
Capability analysis
Type: OpenClaw Skill
Name: revenium
Version: 0.5.7
The 'revenium' skill implements budget enforcement and token metering by installing a background cron job and modifying the OpenClaw sandbox configuration. It exhibits high-risk behaviors, including setting 'dangerouslyAllowExternalBindSources: true' in 'post-install.sh' to bind-mount host credentials and exfiltrating truncated snippets of user prompts, system prompts, and agent responses to 'api.revenium.ai' for reporting purposes ('report.sh'). While these actions are consistent with the stated functionality of a metering service, the modification of sandbox security settings and the transmission of session content to a third party represent a significant security trade-off and potential for data leakage.
Capability tags
crypto, requires-sensitive-credentials
Capability assessment
Purpose & Capability
The skill claims to enforce a Revenium budget and to meter token usage; the included scripts (budget-check.sh, report.sh, cron.sh) implement that functionality and the brew install of a revenium CLI and jq is consistent with those goals. However, the installation and post-install behavior goes beyond a simple guard: it configures sandbox bind mounts for host binaries and ~/.config/revenium, enables autoAllowSkills and dangerouslyAllowExternalBindSources in OpenClaw config, and seeds logs/ledgers — changes that are not strictly necessary for a passive guard and raise privilege/attack-surface concerns.
Instruction Scope
SKILL.md mandates reading ~/.openclaw/skills/revenium/budget-status.json before every single operation and enforces an exact, non-negotiable halt output if halted. The reporter (report.sh) explicitly extracts user input, assistant responses, and the system prompt from OpenClaw session JSONL files and sends them to Revenium via the CLI. That means user content and system prompts will be transmitted to an external service — this is within the described purpose (metering) but is broader than many users expect and is privacy-sensitive. The SKILL.md also instructs the agent to treat host-stored CLI credentials as the canonical credential source (via a read-only bind), which implies the agent will rely on host credential files.
Install Mechanism
Install uses Homebrew formulas (revenium/tap/revenium and jq) which is an expected distribution path, but post-install.sh makes non-trivial system changes: it edits OpenClaw sandbox configuration to add bind mounts (including ~/.config/revenium) and sets dangerouslyAllowExternalBindSources: true and autoAllowSkills in exec-approvals.json. Those operations change gateway/sandbox policy and expand agent capabilities; they are not simple package installs and increase risk because they allow the agent to access host credential/config directories and auto-approve skill-declared binaries.
Credentials
The skill declares no environment variables, but the design relies on mounting the host ~/.config/revenium into the agent sandbox (read-only) so the revenium CLI inside the sandbox can read the host-stored API key and team/tenant/user IDs. The reporter transmits user messages, assistant replies, and system prompts to Revenium. Requesting live access to host credential files and shipping conversational content to an external API is a high-privilege, privacy-sensitive capability that is disproportionate for many users and should be justified explicitly before enabling.
Persistence & Privilege
Post-install behavior modifies global OpenClaw configuration (openclaw.json) to add bind mounts and set dangerouslyAllowExternalBindSources, and enables autoAllowSkills in exec-approvals.json, granting ongoing privileges to this skill and the binaries it declares. Although `always: false` is set and model invocation is allowed (the default), the skill's requested persistent changes to the gateway/sandbox and its auto-approval behavior materially increase the attack surface and the persistence of its capabilities.
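As a concrete check for the post-install changes described in the advice and assessment above, here is an added audit script (not part of the skill or of this page) that walks openclaw.json and exec-approvals.json and reports any `dangerouslyAllowExternalBindSources` or `autoAllowSkills` set to true, plus any bind mount whose value points at ~/.config/revenium. The config file locations and the JSON layout of the constructed samples are assumptions; only the flag names and the host path come from the review.

```python
import json
from pathlib import Path
from typing import Any, Iterator

# Settings the review identifies as expanding agent privileges (names taken from the review).
RISKY_TRUE_FLAGS = {"dangerouslyAllowExternalBindSources", "autoAllowSkills"}
# Host path fragment that, inside a bind mount, means stored credentials reach the sandbox.
SENSITIVE_HOST_PATHS = (".config/revenium",)


def walk(node: Any, path: str = "$") -> Iterator[tuple[str, str, Any]]:
    """Yield (json_path, key, value) for every dict key at any depth, so no layout is assumed."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key}", key, value
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")


def audit_config(doc: Any) -> list[str]:
    """One finding per risky flag set to true and per string value naming a sensitive host path."""
    findings = []
    for jpath, key, value in walk(doc):
        if key in RISKY_TRUE_FLAGS and value is True:
            findings.append(f"{jpath} is true")
        elif isinstance(value, str) and any(p in value for p in SENSITIVE_HOST_PATHS):
            findings.append(f"{jpath} exposes host path {value}")
    return findings


def audit_file(path: str) -> list[str]:
    """Audit a config file on disk; a file that does not exist yields no findings."""
    p = Path(path).expanduser()
    return audit_config(json.loads(p.read_text())) if p.is_file() else []


# Constructed samples resembling a post-install state; the key layout is an assumption.
SAMPLE_OPENCLAW = {"sandbox": {
    "dangerouslyAllowExternalBindSources": True,
    "binds": [
        {"source": "/usr/local/bin/revenium", "target": "/usr/local/bin/revenium", "readonly": True},
        {"source": "/home/alice/.config/revenium", "target": "/sandbox/revenium-config", "readonly": True},
    ]}}
SAMPLE_EXEC_APPROVALS = {"skills": {"revenium": {"autoAllowSkills": True, "always": False}}}

if __name__ == "__main__":
    for name, doc in (("openclaw.json", SAMPLE_OPENCLAW), ("exec-approvals.json", SAMPLE_EXEC_APPROVALS)):
        for finding in audit_config(doc):
            print(f"{name}: {finding}")
```

Against real files, call `audit_file("~/.openclaw/openclaw.json")` and the same for exec-approvals.json (assumed locations) before and after running post-install.sh and diff the two finding lists.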
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install revenium
  3. After installation, call the skill by name directly or trigger it with /revenium
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history
v0.5.7
Revenium Skill v0.5.7
- Updated setup instructions to account for sandbox changes: Revenium config is now mounted read-only from the host; users must set credentials on the host, not in the agent session.
- Removed requirement to re-run post-install.sh or restart the gateway when updating credentials; sandbox picks up host changes live.
- Clarified config flow and credential persistence details in SKILL.md.
- No changes to budget enforcement logic.
v0.5.6
Revenium skill v0.5.6 changelog:
- Setup flow now requires API credentials (API key, team ID, tenant ID, user ID) to be configured on the host, not inside the agent sandbox.
- Updated setup instructions: if credentials are missing, guide users to run `revenium config set ...` on the host and re-run post-install for sandbox credential injection.
- Clarified that agent-side credential writes do not persist and are not valid for configuration.
- Modified user prompt sequence and post-install.sh instructions to align with host/sandbox credential handling.
- No changes to the skill's core budget enforcement or halt behavior.
v0.5.5
- Setup check now validates both existence of config.json and presence of a non-empty alertId before proceeding.
- Setup Flow honors pre-seeded autonomousMode from config.json (seeded by post-install.sh), using it as the default when prompting the user.
- If config.json exists but is missing alertId, setup is (re)triggered; a pre-seeded file with only autonomousMode/comment is not considered complete setup.
- Installation or post-install no longer triggers automatic budget alert configuration; users complete full setup flow on first agent invocation.
- Improved comments and documentation for clarity regarding config seeding and readiness conditions.
v0.5.4
Version 0.5.4
- Updated cron and report scripts: improved or fixed handling for metering and reporting (scripts/cron.sh, scripts/install-cron.sh, scripts/report.sh)
- No changes to user-facing logic or skill instructions (SKILL.md unchanged in functional content)
- Minor script adjustments for reliability or compatibility in automated background operations
v0.5.3
revenium 0.5.3
- Updated `scripts/budget-check.sh` (file contents not shown).
- No changes to skill description or behavioral logic in SKILL.md.
- No visible impact for end users unless changes in `budget-check.sh` alter runtime behavior.
v0.5.2
Major update: adds mandatory HALT check and clarifies budget enforcement steps.
- Enforces an immediate HALT message and total stop on all operations if `halted` is true in `budget-status.json`—no output or tool calls allowed except the halt warning.
- HALT check is now staged before all budget and config logic, overriding every other instruction.
- Budget check and response flow clarified: if `halted` is true, output ONLY the prescribed halt message; otherwise, proceed as before.
- Formalizes strict controls on when users can proceed after a budget exceedance or halt.
- Setup flow and path handling remain unchanged. No impact to user configuration or CLI commands.
v0.5.1
- Maintenance update to scripts/budget-check.sh; no functional or user-facing changes.
- SKILL.md unchanged in logic and flow.
- No impact to existing setup or usage.
v0.5.0
Revenium skill v0.5.0
- scripts/post-install.sh was updated in this release.
- No user-visible behavioral or interface changes documented.
- All core budget enforcement and setup procedures remain unchanged.
v0.4.9
- Added BUDGET-GUARD.md to document budget enforcement logic.
- Updated README.md for clarity and project documentation.
- Improved scripts/post-install.sh (details not shown) to support installation or configuration workflow.
- No breaking changes to budget check or setup procedures.
v0.4.8
revenium 0.4.8
- Documentation updated in SKILL.md with improved formatting, clarification, and consistency.
- No behavioral or code logic changes; process and setup instructions remain functionally the same.
- Internal editing to the setup flow, prompts, and step numbering for better accuracy and readability.
v0.4.7
- Added new `scripts/budget-check.sh` script for budget validation.
- Updated multiple scripts (`cron.sh`, `post-install.sh`, `report.sh`) to support improved budget checking and integration with the new script.
- Enhanced documentation and usage instructions in `README.md`.
- Internal restructuring to ensure mandatory budget checks before every operation.
v0.4.6
revenium v0.4.6
- Updated `scripts/report.sh` (file details not provided).
- No user-facing changes documented in SKILL.md.
- Existing budget enforcement and setup instructions remain unchanged.
v0.4.5
Revenium 0.4.5
- Updated `scripts/report.sh` (details not shown).
- No user-facing changes reflected in SKILL.md; skill behavior and documentation unchanged.
v0.4.4
revenium 0.4.4
- Updated scripts/report.sh (details not specified).
- No user-visible changes documented.
v0.4.3
- Documentation update: Minor revisions to SKILL.md for clarity and completeness.
- No changes to skill logic or behavior; operational procedures remain the same.
- Wording and formatting improvements to setup and budget enforcement instructions.
v0.4.2
revenium 0.4.2
- Updated `scripts/post-install.sh` (specific changes not listed).
- No changes to user-facing documentation or behavior in SKILL.md.
- Maintenance release; no new features or breaking changes documented.
v0.4.1
revenium 0.4.1
- Updated `scripts/report.sh` (file change specifics not listed).
- No visible user-facing or documented SKILL.md changes.
- No configuration, setup, or usage changes documented.
- Internal update only; functionality and integration remain unchanged.
v0.4.0
- post-install.sh script updated
- No user-visible behavior changes documented
- Internal script may have bugfixes or improvements
v0.3.9
revenium version 0.3.9
- Minor update to `scripts/report.sh`.
- No changes to core functionality or user-facing behavior.
- All main setup and budget enforcement procedures remain unchanged.
v0.3.8
- Budget check instructions made more prominent and urgent; users must check budget before every operation, no exceptions.
- Skill documentation restructured and condensed for clarity—“Operation Guard” now “Budget Check Procedure.”
- Setup flow streamlined: clarified ordering, emphasized stop conditions, and improved user prompting instructions.
- Messaging and fail-open logic for unreadable/missing budget status emphasized.
- General improvements to directness and enforcement language across all usage instructions.
Metadata
Slug revenium
Version 0.5.7
License MIT-0
Total installs 1
Current installs 1
Number of versions 39
FAQ

What is Revenium Budget Enforcement?

MANDATORY budget check BEFORE EVERY OPERATION — read budget-status.json first, always, no exceptions. Enforces token spend limits, warns on threshold exceeda... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 484 downloads to date.

How do I install Revenium Budget Enforcement?

Run the command "/install revenium" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Revenium Budget Enforcement free?

Yes, Revenium Budget Enforcement is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Revenium Budget Enforcement support?

Revenium Budget Enforcement runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Revenium Budget Enforcement?

Developed and maintained by revenium.ai (@johndemic); the current version is v0.5.7.
