shinertx

Vibe Billing Scan

Author: shinertx · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 131
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install vibe-billing-scan
Description
Scan your OpenClaw logs to identify costly runs, sessions, retry storms, and looped tool calls driving your API bill higher, with no signup needed.
Safe usage recommendations
This skill tells you to run an npx command that will download and execute a remote npm package, and offers an optional 'setup' that installs a proxy. Before running it: (1) review the npm package source (or the package maintainer and repo) — do not run if you can't find the code; (2) avoid running `npx vibe-billing setup` until you inspect what it installs and where it listens; (3) run the scan in an isolated/test environment or container and monitor network traffic to see if data is sent off-host; (4) check the landing page and npm package owner reputation; (5) prefer skills that include code or an explicit vetted install artifact, or ask the publisher for the package repository/commit hash you can audit. If you need help auditing the npm package URL or its source, provide the package name or repo and I can help review it.
Functional analysis
Type: OpenClaw Skill
Name: vibe-billing-scan
Version: 1.0.0
The skill encourages the use of `npx vibe-billing scan` and `npx vibe-billing setup` to analyze API costs. The 'setup' command is particularly concerning as it installs a local API proxy, which creates a high-risk Man-in-the-Middle (MITM) position capable of intercepting sensitive API keys and request data. While the stated purpose is cost management, the combination of remote code execution via `npx` and the installation of traffic-intercepting infrastructure in `SKILL.md` warrants a suspicious classification.
Capability assessment
Purpose & Capability
The stated purpose (scan local OpenClaw logs and proxy data) aligns with requiring a Node-based CLI (npx/vibe-billing). However the registry metadata you provided lists no required binaries while the SKILL.md header declares bins: [node, npx] — that mismatch is an inconsistency. Requesting node/npx is reasonable for a CLI tool, but the skill delegates execution to a remote npm package rather than shipping inspectable code.
Instruction Scope
Runtime instructions tell the user to run `npx vibe-billing scan` and optionally `npx vibe-billing setup` which installs a proxy. The SKILL.md does not limit which local files or paths will be read; a CLI run with npx can inspect arbitrary local logs, environment variables, and network traffic. The 'setup' step implies installing a persistent proxy that could intercept API requests and secrets — this is scope creep relative to an instruction-only skill and raises privacy/credential exposure concerns.
Install Mechanism
There is no bundled code or install spec; the skill relies on npx to pull and execute code from the npm registry at runtime. Executing unreviewed remote code via npx is a higher-risk install mechanism because it runs code fetched from the network on your machine. The homepage (https://api.jockeyvc.com) is an external endpoint but no package source or repository is included for review.
Credentials
The skill declares no required env vars or credentials, but the functionality (scanning logs and installing a proxy) typically needs access to logs and may encounter API keys or session tokens. The lack of declared environment requirements is therefore surprising and reduces transparency — the tool could still read sensitive environment variables or config files once executed.
Persistence & Privilege
always is false (good), but the optional `npx vibe-billing setup` implies installing a proxy for ongoing monitoring, which creates persistent system presence outside the agent. Because the skill is instruction-only and provides no inspectable code, that persistence would be opaque and potentially broad in privilege.
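How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install vibe-billing-scan
  3. Once installation completes, invoke the Skill by name or trigger it with /vibe-billing-scan
  4. Provide the required inputs as described in the Skill's parameter documentation to get structured output
Version history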
v1.0.0
Initial release of vibe-billing-scan.
- Scans OpenClaw API usage to identify high-cost runs, sessions, or retry storms.
- Detects expensive retry loops, large context windows, and repeated tool calls.
- Provides a spend summary and detailed breakdown of where your API bill is going.
- Requires no signup; runs locally with one terminal command.
- Includes optional setup for ongoing monitoring.
Metadata
Slug vibe-billing-scan
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
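FAQ

What is Vibe Billing Scan?

Scan your OpenClaw logs to identify costly runs, sessions, retry storms, and looped tool calls driving your API bill higher, with no signup needed. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 131 total downloads to date.

How do I install Vibe Billing Scan?

Run the command "/install vibe-billing-scan" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Vibe Billing Scan free?

Yes, Vibe Billing Scan is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Vibe Billing Scan support?

Vibe Billing Scan runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Vibe Billing Scan?

It is developed and maintained by shinertx (@shinertx); the current version is v1.0.0.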
