← 返回 Skills 市场
Token Ledger (SQLite)
作者
Jonathan Jing
· GitHub ↗
· v0.1.0
342
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install token-ledger
功能描述
Audit-grade token and cost ledger for OpenClaw. Use when you need to (1) record every model call’s usage (input/output/cache read/cache write/cost) into SQLi...
安全使用建议
This skill appears to do what it says: it watches your local OpenClaw session JSONL files and writes usage rows into ~/.openclaw/ledger.db, then provides queries and deterministic reports. Before installing or running it as a daemon: (1) Review the ledger_watcher.py code yourself (it will read session JSONL and store usage_raw — this may include message content); (2) Note the manifest is missing the expected com.openclaw.token-ledger-watcher.plist template referenced by render_plist.py and SKILL.md — you will need that file or must adapt the render step to your environment; (3) Test with the one-shot (--once) mode first to verify file paths and behavior; (4) If you intend to enable the LaunchAgent, understand it will run continuously as your user and read session files — only install it if you trust the code and accept the privacy tradeoff; (5) There are no network calls or external credentials requested by the included scripts, which reduces exfiltration risk, but always inspect any scripts before granting persistent execution. If you want higher assurance, ask the skill author for the missing plist file, or run the scripts in a sandboxed account first.
功能分析
Type: OpenClaw Skill
Name: token-ledger
Version: 0.1.0
The token-ledger skill implements a usage tracking system that monitors OpenClaw session logs and stores data in a local SQLite database. It is classified as suspicious because it includes instructions in SKILL.md for the agent to establish system persistence on macOS via a LaunchAgent (com.openclaw.token-ledger-watcher.plist) and a background daemon (ledger_watcher.py). While these high-risk capabilities—persistence and monitoring of sensitive session data—are aligned with the stated purpose of an audit-grade ledger, they represent a significant system modification that warrants caution. No evidence of malicious intent, such as data exfiltration or unauthorized remote access, was found in the code logic.
能力评估
Purpose & Capability
Name/description match the code and instructions: the scripts read OpenClaw session JSONL files and populate ~/.openclaw/ledger.db, provide queries and daily reports, and can be installed as a LaunchAgent. The requested resources (local files under ~/.openclaw and ability to write ~/Library/LaunchAgents) are consistent with the stated purpose. One inconsistency: SKILL.md and render_plist.py expect a LaunchAgent template file named com.openclaw.token-ledger-watcher.plist in the scripts directory, but that file is not present in the skill manifest — this will break the install instructions as provided.
Instruction Scope
SKILL.md instructs only local operations (one-shot scan, render plist, launchctl load/unload, sqlite queries). The watcher script reads ~/.openclaw/agents/main/sessions/*.jsonl and writes ledger.db and a checkpoint file — this is in-scope for a ledger. Important privacy note: session JSONL likely contains message content and other sensitive data; the skill stores usage_raw and other metadata in the DB. The instructions also assume the skill scripts live at ~/.openclaw/workspace/skills/token-ledger/scripts/, which may not match how the user installs the skill; and the missing plist template file is an operational gap.
Install Mechanism
No install specification or remote downloads; this is instruction-and-script only and runs with the system Python. No packages are pulled from external hosts and no archives are extracted, so the install surface is low-risk. The only persistence mechanism is an optional macOS LaunchAgent, which the user installs locally via the provided plist.
Credentials
The skill requests no environment variables, no credentials, and accesses only files under the user's home directory (~/.openclaw and ~/Library/LaunchAgents). Those permissions are proportionate to the stated goal of auditing local OpenClaw session usage.
Persistence & Privilege
The skill does not set always:true and does not request elevated system privileges. However the recommended flow includes installing a user LaunchAgent on macOS, which grants the skill a persistent, automatic background process (user-level). Users should be conscious that the daemon will continuously read session JSONL files and write to ledger.db and a checkpoint file until they unload the LaunchAgent.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install token-ledger - 安装完成后,直接呼叫该 Skill 的名称或使用
/token-ledger触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial public release: SQLite token+cost ledger with watcher + safe query/report scripts.
元数据
常见问题
Token Ledger (SQLite) 是什么?
Audit-grade token and cost ledger for OpenClaw. Use when you need to (1) record every model call’s usage (input/output/cache read/cache write/cost) into SQLi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 342 次。
如何安装 Token Ledger (SQLite)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install token-ledger」即可一键安装,无需额外配置。
Token Ledger (SQLite) 是免费的吗?
是的,Token Ledger (SQLite) 完全免费(开源免费),可自由下载、安装和使用。
Token Ledger (SQLite) 支持哪些平台?
Token Ledger (SQLite) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Token Ledger (SQLite)?
由 Jonathan Jing(@jonathanjing)开发并维护,当前版本 v0.1.0。
推荐 Skills