Api Cost Tracker

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears purpose-aligned for API cost analysis, with the main caution that it may use LLM provider API keys and local billing or usage exports.

This looks reasonable for analyzing API spending. Before installing or running it, review the bundled script, use exported billing files when possible, and only run API-key auto-detection with provider credentials you are comfortable using for billing or usage access.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run in an environment containing provider API keys, the script may access billing or usage information for those accounts.

Why it was flagged

The skill can use provider API keys from the environment to access usage or billing data. This is account-level access, but it matches the stated cost-tracking purpose.

Skill content

Auto-detect | OPENAI_API_KEY ... ANTHROPIC_API_KEY ... OPENROUTER_API_KEY ... GOOGLE_AI_API_KEY

Recommendation

Use the narrowest available provider keys, prefer read-only billing/usage scopes where supported, and avoid running auto mode in shells containing unrelated credentials.

What this means

You are relying on the registry-provided script rather than a clearly attributable upstream project.

Why it was flagged

The skill does not provide an upstream source or homepage for provenance verification. The visible artifacts are coherent and the static scan is clean, but users cannot independently verify the origin from the metadata.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the bundled script before use, pin the skill version, and avoid granting credentials unless you trust the package source.