AI Bill (ClawHub)
Warn. Audited by ClawScan on May 10, 2026.
Overview
The billing dashboard mostly matches its purpose, but it needs review because it runs a persistent collector and exposes billing data/settings through unauthenticated web endpoints and web-root files.
Before installing, only run this on a machine where you can firewall port 8003 or bind it to localhost, where you can add real authentication, and where you are comfortable with a persistent collector reading OpenClaw session metadata. Avoid the curl/bash-style installer unless you have reviewed the remote repository and the sudo service changes it makes.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can reach the service could view configured balances/modes or alter the dashboard’s billing data.
The dashboard exposes routes that read and overwrite the billing configuration, and the handlers shown contain no authentication, authorization, or user-approval checks.
app.get('/api/vault', ... res.json(vault)); ... app.post('/api/setup', ... fs.writeFileSync(vaultPath, JSON.stringify(data, null, 2));
Bind the service to localhost by default or add authentication, CSRF protection, and explicit confirmation before allowing balance/config changes.
Provider/model usage and spending patterns may be retained and served from locations the user did not expect, especially if the web root is public.
The collector continuously reads the main OpenClaw session store and writes derived usage summaries to a persistent web-root path outside the managed app files declared in SKILL.md.
const SESSION_PATH = '/root/.openclaw/agents/main/sessions/sessions.json'; ... const WEB_MAIN_PATH = '/var/www/html/bill/usage.json'; ... fs.writeFileSync(WEB_MAIN_PATH, jsonStr); ... setInterval(calculateUsage, 27000);
Clearly disclose the exact source and destination paths, avoid writing to public web roots unless the user opts in, and define retention and access controls for generated usage data.
A later change in the remote repository or dependency tree could change what is installed without ClawHub review.
The installer fetches a mutable branch archive at install time and installs dependencies, so the executed code may differ from the reviewed registry artifact.
wget -q https://github.com/fumabot16-max/project-bill/archive/refs/heads/master.zip -O master.zip ... npm install --silent
Pin downloads to immutable commits or releases, verify checksums, and prefer the reviewed package contents over curl/bash-style installers.
Installing via this script could modify system-level service configuration and keep the collector running with elevated installation privileges.
The included installer can write system service files and enable/start services with sudo, which is broader privilege than the registry metadata declares.
sudo cp systemd/*.service /etc/systemd/system/ ... sudo systemctl enable ai-bill ai-bill-collector ... sudo systemctl start ai-bill ai-bill-collector
Require explicit user consent for sudo actions, document the service files and uninstall steps, and use least-privilege user services where possible.
Running setup may execute npm lifecycle behavior from the local dependency tree.
The setup helper executes npm install if node_modules is missing. This is a normal dependency setup pattern, but it still runs external package installation.
execSync('npm install', { stdio: 'inherit' });
Review package.json/package-lock.json and run setup only in a trusted environment.
