Token Usage Tracker
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned and benign, but it creates local token-usage logs and includes optional background-service setup that users should review before enabling.
This skill is reasonable for local token tracking. Before installing, review the Python scripts, set the log folder deliberately, protect or rotate the token log if usage metadata is sensitive, and do not rely on the interceptor or summarizer as a secret-redaction tool. Only enable the systemd service if you intentionally want a background process, and edit its user and path first.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installation mistakes or unreviewed local placement could affect where logs are written or whether the interceptor runs as intended.
The skill contains runnable scripts but relies on manual installation rather than a declared install mechanism. This is disclosed and not inherently unsafe, but users need to review and place the scripts themselves.
No install spec — this is an instruction-only skill. Code file presence: 6 code file(s)
Review the included scripts and configuration before copying them into a workspace, and keep installation limited to the scripts you actually need.
The log can reveal usage history and model activity on the local machine, even though it does not log prompt or completion text in the provided code.
The tracker persistently writes per-call metadata such as call IDs, model names, token counts, and timestamps to a local JSONL log.
LOG_FOLDER.mkdir(parents=True, exist_ok=True)
LOG_PATH = LOG_FOLDER / 'token_log.jsonl'
...
f.write(json.dumps(entry, ensure_ascii=False) + '\n')
Choose an appropriate log folder, protect file permissions, and periodically delete or rotate logs if usage metadata is sensitive.
If users assume the interceptor redacts sensitive context before model use, sensitive text could still remain in the returned message.
The interceptor returns a shallow copy of the original message and does not remove a context field if one is present. This matters because the documentation uses sanitization/compression language, but the provided interceptor is mainly a logging/timestamp helper.
m = dict(msg)  # shallow copy
...
# Here we forward logging info only
...
return m
Treat this as token-accounting and optional compression tooling, not as a privacy redaction layer; redact secrets separately before sending context to an LLM.
If enabled, the interceptor could keep running in the background and the hard-coded example user/path may be inappropriate for the installer’s system.
The included systemd unit is an example of a long-running background service that would restart on failure and run after boot if manually installed.
User=gerhard
ExecStart=/usr/bin/python3 /path/to/token_interceptor.py
Restart=on-failure
WantedBy=multi-user.target
Enable the service only if continuous interception is intended, and edit the User and ExecStart values to the correct least-privileged account and reviewed script path.
