ClawHub

Lemnos Cost Guard

v1.2.2

Real-time API cost tracking, context bloat detection, and budget enforcement for OpenClaw agents. Use when setting up cost guardrails, checking daily spend,...

0· 441·1 current·1 all-time
by@getlemnos32
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description promise (real-time cost tracking, context-bloat detection, budget enforcement) matches the included scripts: session log readers (auto_cost_report.py, task_logger.py), manual logger (track_cost.py), reporters (cost_report.py, task_cost_report.py), and a workspace scanner (context_analyzer.py). Files and model_pricing.md align with model routing/cost math. No unrelated capabilities (cloud provisioning, sending credentials, or network exfiltration) are present.
Instruction Scope
SKILL.md instructs the agent/operator to read OpenClaw session JSONL files and workspace files (e.g., SOUL.md, USER.md, MEMORY.md, IDENTITY.md). That scope is appropriate for detecting context bloat and computing costs, but it does mean the skill will read potentially sensitive local content (identity/memory). The instructions do not direct data to any external endpoint; they only print or write local reports. SKILL.md's advice to 'include output verbatim in briefing' is an operational decision that could leak sensitive content if not reviewed.
Install Mechanism
No install spec — instruction-only with shipped Python scripts. Nothing is downloaded or extracted at install time. Running the scripts writes logs under the skill/workspace and reads existing OpenClaw session files; this is low-risk as long as scripts are executed locally and reviewed beforehand.
Credentials
The skill requests no environment variables or external credentials, which is proportional. It does, however, read files under /root/.openclaw (agent session JSONL files and workspace files such as USER.md, IDENTITY.md, MEMORY.md). That filesystem access is necessary for the stated purpose but exposes sensitive local content to the tool's processing and local logs, so users should be aware and comfortable with those read/write operations.
Persistence & Privilege
always:false (not force-included). The scripts create and write snapshots, logs, and reports in their own skill directories (references/, logs/). They do not modify other skills or global agent configuration. Autonomous invocation is allowed by platform default but not unusual; it increases blast radius only if you plan to grant the skill broad autonomous privileges — this skill itself does not request elevated system privileges.
Assessment
This skill appears to do what it says: it reads OpenClaw session JSONL files and workspace documents to compute token/cost metrics and detect context bloat, and writes local logs and reports. Before installing or running: 1) Review the shipped Python files yourself (they are small and readable) to confirm behavior. 2) Note the scripts read files like USER.md, IDENTITY.md, and MEMORY.md under /root/.openclaw — these can contain sensitive personal data; ensure you are comfortable with that data being parsed and stored in local cost logs. 3) The skill does not transmit data over the network, but if you plan to share reports or include outputs verbatim in briefings, scrub sensitive content first. 4) Run the scripts in a controlled/local environment with appropriate file permissions (or adjust the SESSION_DIR/LOG_DIR paths) if you want to limit exposure. 5) If you need third-party hosting or dashboard features (premium tier), verify any external services before providing credentials.

Like a lobster shell, security has layers — review code before you run it.

ai-agentvk9748z84c5vjb28t39f468rw9983657dapi-cost-monitorvk9748z84c5vjb28t39f468rw9983657dbudgetvk9748z84c5vjb28t39f468rw9983657dbudget-managementvk9748z84c5vjb28t39f468rw9983657dbusiness-automationvk9748z84c5vjb28t39f468rw9983657dcost-controlvk9748z84c5vjb28t39f468rw9983657dcost-guardvk9748z84c5vjb28t39f468rw9983657dlatestvk973rd6w2p0m7hyyv4jsttxb0n83sx4flobster-toolvk9748z84c5vjb28t39f468rw9983657dopen-source-aivk9748z84c5vjb28t39f468rw9983657dopenclawvk9748z84c5vjb28t39f468rw9983657dsolo-operatorvk9748z84c5vjb28t39f468rw9983657d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments