ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Bill Clawhub

v2.2.5

Real-time AI API usage tracking and cost monitoring for OpenClaw. Track spending across OpenAI, Claude, Gemini, Kimi, DeepSeek, and Grok with live dashboard....

0· 1.4k·2 current·4 all-time
by@fumarole16-afk
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements a realtime billing/usage dashboard which aligns with the skill name/description. However there are multiple mismatches (installer and README reference different GitHub repo names: bill-project vs project-bill vs project-bill-master; several file paths differ across SKILL.md, collector.js, and scripts). The installer and scripts also attempt system-level actions (sudo, systemd service installation, writing to /var/www/html) that are beyond a simple in-agent billing helper and are disproportionate unless you expect a self-hosted system service.
!
Instruction Scope
SKILL.md explicitly directs an agent to read files under /root/.openclaw/workspace/bill_project/... and to update vault.json on the user's behalf. The collector code reads agent session data (/root/.openclaw/agents/main/sessions/sessions.json) and the OpenClaw config (/root/.openclaw/openclaw.json). Reading those paths can surface sensitive session/config information; writing vault.json or updating config is a scope-expanding action. There are also inconsistent references to usage.json locations (SKILL.md vs code).
!
Install Mechanism
Although registry metadata shows 'instruction-only', the bundle includes an installer script that downloads a zip from GitHub (curl/wget -> unzip -> npm install) and runs privileged actions. The installer uses sudo to copy systemd unit files and enable/start services. The repository URLs and archive names are inconsistent (bill-project vs project-bill), which is sloppy and increases risk (a crafted URL mismatch could point to an unexpected repo). The sync_prices.sh script writes fabricated pricing (adds 'GPT-9-ULTRA') and writes to a root path; using curl/wget + unzip + npm install from remote sources is higher risk and should be treated as arbitrary code execution if run.
!
Credentials
The skill declares no required environment variables or credentials, yet the collector and server access many system paths (agent sessions, OpenClaw config, /root/.openclaw workspace files) and write to system locations (/var/www/html). Accessing agent session files and the OpenClaw config can expose conversation metadata and runtime defaults. The lack of declared credentials while code touches these sensitive files is a mismatch and reduces transparency about what will be accessed.
!
Persistence & Privilege
Installer.sh attempts to create systemd services (copies files to /etc/systemd/system and enables/starts them) or to start background Node processes. That creates persistent background collectors running as system services and requires sudo. The skill does not declare 'always: true' but the installer’s use of systemd and nohup gives it persistent presence and elevated privileges if the user runs the installer with sudo.
What to consider before installing
Do not run the included installer or setup scripts without manual review. Specific risks to consider: - The collector reads agent session files (/root/.openclaw/agents/...) and the OpenClaw config — these can contain sensitive runtime/session metadata; confirm you are comfortable with that access. - Installer.sh uses sudo to install systemd services and writes to system locations (/etc/systemd/system, /var/www/html). That gives persistent, privileged background processes; only allow if you trust the code and run it on an isolated host. - Several repository and path names are inconsistent (bill-project vs project-bill vs ai-bill etc.) and SKILL.md paths don't always match code. This could be sloppy or indicate copy-paste errors; it is a red flag — verify the canonical source repository and inspect it yourself. - The web UI includes weak client-side locking (hard-coded SECURE_CODE = "1234") and the collector writes usage to /var/www/html, which may expose billing/session data publicly without authentication. Recommendations: 1) Inspect the full code locally (collector.js, installer.sh, setup.js) before running anything. Search for all file reads/writes and network calls. 2) If you want to try it, run on an isolated VM/container (not your primary machine) and do not run installer.sh with sudo until you’ve audited the service unit files it would install. 3) Remove or change any code that writes usage to a public webroot, and protect the dashboard with a real server-side auth mechanism. 4) Confirm the authoritative GitHub repository and verify checksums/releases instead of piping curl|bash from an unknown URL. 5) If you cannot audit the code, prefer an alternative tool from a known, trusted source.

Like a lobster shell, security has layers — review code before you run it.

latestvk9776ezt9ghbx76b5b5m51x0p581h6m3
1.4kdownloads
0stars
3versions
Updated 16h ago
v2.2.5
MIT-0
@fumarole16-afk
latest
Download

AI Bill Intelligence

Real-time billing dashboard for OpenClaw. Accurate token-based cost tracking across 12+ AI providers.

🚀 Installation

openclaw skill install https://github.com/fumabot16-max/bill-project

🛠 Usage

The skill operates via a background collector. As an agent, you can help the user by:

  1. Reporting Usage: Read /root/.openclaw/workspace/bill_project/dist/usage.json to summarize spending.
  2. Updating Balances: Redirect the user to the /setup page or update vault.json on their behalf.
  3. Checking Health: Ensure the ai-bill service and collector.js are running.

⚙️ Configuration

  • Port: Default is 8003.
  • Modes: prepaid, postpaid, subscribe, unused (off).

📂 Managed Files (Declarations)

This skill manages the following data files inside the app/ directory:

  • app/vault.json: User-defined balances and payment modes.
  • app/prices.json: AI model pricing data.
  • app/cumulative_usage.json: Archived costs from expired sessions.
  • app/dist/usage.json: Real-time aggregated usage data for the dashboard.
  • app/debug.log: Collector activity logs.

Built by Tiger Jung & Chloe (@fumarole16-afk).

<!-- Sync trigger: Fri Feb 20 22:36:10 KST 2026 -->

Comments

Loading comments...