Ai Spend Audit
v1.0.0Audit and optimize your company's AI spending by identifying waste, measuring ROI, right-sizing tool tiers, and consolidating vendors for cost savings.
⭐ 0· 438·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name and description promise an AI spend audit; the SKILL.md provides a detailed, plausible framework (inventory, scoring, model optimization, vendor consolidation, reporting) that matches that purpose. There are no unrelated dependencies, binaries, or config requirements declared.
Instruction Scope
The instructions are largely advisory and procedural. They do recommend actions that, in practice, require access to billing data, API-based models, and production queries (e.g., 'run 100 production queries through a cheaper model' and mapping API-based tools). The skill itself does not include code to perform these operations nor does it request credentials — implementers will need to supply data and keys. This is scope-appropriate but important to note: carrying out the recommendations will require sensitive inputs from the user.
Install Mechanism
No install spec and no code files are included; nothing is written to disk and there are no downloaded binaries. This is the lowest-risk installation profile.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for an instruction-only framework. However, several suggested checks implicitly require access to API keys, billing exports, or production queries. Users must provide those credentials or data to perform the audit; the skill does not attempt to obtain them automatically.
Persistence & Privilege
The skill does not request persistent presence (always:false), does not modify other skills, and contains no install steps that would alter agent/system configuration. Normal autonomous invocation remains possible but is not elevated by the skill itself.
Assessment
This skill is an advisory playbook (no code), so installing it itself is low-risk. Before executing an audit guided by this skill: 1) Do not paste long-lived API keys, passwords, or raw billing exports into chats—use read-only or scoped/ephemeral keys where possible. 2) Run any model-comparison tests on anonymized or synthetic data or in a staging environment to avoid leaking PII. 3) Provide the agent only the minimum data needed (e.g., aggregated billing exports, usage reports) rather than full credentials when possible. 4) Verify the AfrexAI links and the publisher if you need provenance or commercial support. 5) If you delegate execution to the agent, explicitly approve any concrete actions that would cancel subscriptions, change tiers, or share vendor credentials. Following these precautions will let you use the framework without exposing unnecessary secrets or production data.Like a lobster shell, security has layers — review code before you run it.
businessvk97ecfn5xsdw92rysxd7j5s70d81nd72latestvk97ecfn5xsdw92rysxd7j5s70d81nd72strategyvk97ecfn5xsdw92rysxd7j5s70d81nd72
License
MIT-0
Free to use, modify, and redistribute. No attribution required.