← 返回 Skills 市场
usage-costs
作者
Netanel Abergel
· GitHub ↗
· v1.0.0
· MIT-0
84
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install usage-costs
功能描述
Report AI token usage and estimated costs. Use when: owner asks about costs today/yesterday/this week, per session, or per model. Shows main session, cron jo...
安全使用建议
This skill appears to do what it claims (compute token usage/costs from OpenClaw data), but there are concrete operational risks you should consider before installing or enabling it:
- Inspect the .context file (/opt/ocana/openclaw/workspace/skills/usage-costs/.context) before allowing the skill to run. Because the skill sources that file, any shell code in it would be executed — ensure it contains only simple key=value lines and no commands.
- Confirm the OpenClaw CLI and the directories referenced (/opt/ocana/openclaw/cron/runs, /opt/ocana/openclaw/agents/main/sessions, /opt/ocana/openclaw/workspace/data) are accessible only to trusted users; the skill reads potentially sensitive session and run logs.
- Be aware the skill appends to token-history.jsonl. If you want read-only reporting, avoid or sandbox the write step (or require manual approval before writes).
- Prefer safer alternatives: instead of sourcing a shell file, the skill could parse a JSON config or accept explicit declared env vars. If you maintain this environment, consider replacing 'source' with a non-executing parser.
- Run the skill with least privilege (non-root agent user) and, if possible, test in a staging environment first.
Why 'suspicious' rather than 'benign': there is no evidence of misdirection or external exfiltration, but the use of 'source' on a file and implicit reading/writing of shared system files increases risk and constitutes a mismatch with the declared metadata (no env vars declared). If you can confirm the .context contents are benign and you accept the on-disk writes, the remaining footprint is reasonable for the stated purpose.
If you want higher confidence, provide the contents of the .context file (or confirm it's purely key=value), and confirm file permissions/owners for the referenced paths — that information would allow raising confidence to high or downgrading the concern.
功能分析
Type: OpenClaw Skill
Name: usage-costs
Version: 1.0.0
The usage-costs skill is a legitimate utility designed to aggregate and report AI token usage and costs. It functions by parsing local session logs, cron history, and status reports within the /opt/ocana/openclaw/ directory structure. The provided Python and Bash scripts are transparent, lack obfuscation, and perform only the described data aggregation tasks without any evidence of data exfiltration or unauthorized execution.
能力评估
Purpose & Capability
The name/description (report token usage and estimated costs) matches what the SKILL.md does: it reads OpenClaw live status, cron run JSONL files, and token-history JSONL to compute usage and costs. No unrelated external services, credentials, or installs are requested.
Instruction Scope
Instructions tell the agent to 'source' a local .context file at /opt/ocana/... which will execute any shell code in that file (execution risk). The skill reads many local files (/opt/ocana/... cron runs, sessions, token-history) and explicitly instructs appending JSON to token-history.jsonl — i.e., it both reads and writes system-wide data. Reading those OpenClaw files is coherent for cost reporting, but sourcing an arbitrary file and writing to shared data increase the attack surface and privilege requirements.
Install Mechanism
Instruction-only skill with no install spec, no external downloads, and no dependencies. This is the lowest install risk.
Credentials
Registry metadata declares no required env vars, but SKILL.md expects variables provided by the sourced .context (OWNER_PHONE, PRICING_INPUT/OUTPUT/CACHE_READ). That mismatch means the skill will obtain configuration/secret values from an on-disk file rather than declared env vars. Sourcing a file to obtain these values can execute code and may expose hidden local settings; the skill does not request or need external API keys but it does access local potentially sensitive state.
Persistence & Privilege
The skill is not marked always:true and is instruction-only (no persistent install). However it instructs appending daily reports to /opt/ocana/openclaw/workspace/data/token-history.jsonl, so it will modify on-disk state under the OpenClaw workspace. Autonomous invocation is allowed by default (normal), which means the agent could run these read/write actions without extra user intervention.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install usage-costs - 安装完成后,直接呼叫该 Skill 的名称或使用
/usage-costs触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish from Heleni workspace
元数据
常见问题
usage-costs 是什么?
Report AI token usage and estimated costs. Use when: owner asks about costs today/yesterday/this week, per session, or per model. Shows main session, cron jo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 84 次。
如何安装 usage-costs?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install usage-costs」即可一键安装,无需额外配置。
usage-costs 是免费的吗?
是的,usage-costs 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
usage-costs 支持哪些平台?
usage-costs 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 usage-costs?
由 Netanel Abergel(@netanel-abergel)开发并维护,当前版本 v1.0.0。
推荐 Skills