← 返回 Skills 市场
Token Burn Monitor
作者
Kaspar Chen
· GitHub ↗
· v5.3.1
· MIT-0
511
总下载
0
收藏
4
当前安装
5
版本数
在 OpenClaw 中安装
/install token-burn-monitor
功能描述
Real-time token consumption monitoring dashboard for OpenClaw agents. Tracks per-agent token usage, cost breakdown by model, cache hit rates, cron job status...
安全使用建议
This package is coherent for running a local token/cost dashboard, but consider the following before installing: (1) session JSONL files may contain sensitive user prompts — keep showPrompts disabled (default) unless you explicitly trust the machine and purpose; (2) inspect any custom themes you add before enabling them (themes are served to localhost and could display or fetch data if modified); (3) verify you have a trusted Node.js runtime and run it on a machine where local-only access is acceptable; (4) the published source/homepage are unknown in the registry metadata — if provenance matters, obtain the repository or author contact and verify integrity before production use.
功能分析
Type: OpenClaw Skill
Name: token-burn-monitor
Version: 5.3.1
The token-burn-monitor skill is a legitimate utility for tracking token usage and costs across OpenClaw agents. The code (server.js) and instructions (SKILL.md) align with the stated purpose, implementing several security best practices such as binding the server to 127.0.0.1, enforcing a strict Content Security Policy (CSP) to prevent data exfiltration from the browser, and redacting user prompts by default. It operates with zero external dependencies and includes path traversal protections for its theme-based static file serving.
能力评估
Purpose & Capability
Name/description promise (per-agent token/cost/cron monitoring) matches the code and SKILL.md: server.js scans an agents directory for session JSONL files, reads a cron jobs file, computes token/cost stats and serves a localhost-only dashboard. Declared filesystem reads (agents sessions and cron jobs) are expected for this purpose.
Instruction Scope
SKILL.md and server.js limit activity to local reads, serving a localhost-only GET API and static theme files. Important privacy note: session files can include user prompts; prompts are redacted by default but will be returned (up to 300 chars) if SHOW_PROMPTS or config.showPrompts is enabled. The instructions do not attempt to read unrelated system files or make outbound network requests.
Install Mechanism
No install spec; packaged as node scripts with start.sh/setup.sh. start.sh uses nohup node server.js and writes a PID/log to /tmp. No external downloads or package installs are performed by the provided scripts. Requires a Node.js runtime already present (documented).
Credentials
The skill does not request environment secrets and only references OPENCLAW_AGENTS_DIR, OPENCLAW_HOME and PORT (all appropriate for discovering sessions and cron data). The only sensitive data access is reading session JSONL files (explicit and justified by the dashboard purpose); the SKILL.md documents redaction behavior and opt-in for showing prompts.
Persistence & Privilege
The skill is not always-enabled and uses normal service scripts (start/stop) that affect only its own process and PID file; it does not modify other skills or global agent settings. Autonomous invocation (model invocation) is allowed by platform default but not combined with other concerning privileges here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install token-burn-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/token-burn-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v5.3.1
v5.3.1: Align all documentation — remove stale CORS claims from API.md, declare env vars and permissions in SKILL.md, default theme uses system fonts (zero external requests), CSP tightened to self-only.
v5.3.0
v5.3: Eliminated child_process and CORS entirely. Cron data read from filesystem. Server only imports http/fs/path. GET-only, localhost-bound, CSP-protected.
v5.2.0
v5.2: Hardened security — replaced execSync with execFileSync, added CSP headers, path traversal guard, prompts redacted by default.
v5.1.0
v5.1: Security fixes — sanitize shell inputs, bind to localhost only, restrict CORS, truncate user prompts by default.
v5.0.0
v5.0: Modular architecture with swappable themes and stable API layer.
元数据
常见问题
Token Burn Monitor 是什么?
Real-time token consumption monitoring dashboard for OpenClaw agents. Tracks per-agent token usage, cost breakdown by model, cache hit rates, cron job status... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 511 次。
如何安装 Token Burn Monitor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install token-burn-monitor」即可一键安装,无需额外配置。
Token Burn Monitor 是免费的吗?
是的,Token Burn Monitor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Token Burn Monitor 支持哪些平台?
Token Burn Monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Token Burn Monitor?
由 Kaspar Chen(@kasparchen)开发并维护,当前版本 v5.3.1。
推荐 Skills