Copilot Usage
v1.0.0Display GitHub Copilot premium request usage, quota, billing stats, and per-model multipliers for the authenticated user. Use when the user asks about their...
⭐ 0· 51·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Copilot usage, quota, billing, per-model multipliers) align with the included scripts and docs. The scripts call the GitHub REST billing endpoints via the gh CLI and require the manage_billing:copilot and user scopes — exactly what billing queries need. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md and the scripts only read/write a single local config (~/.config/copilot-usage/config.json), call gh api endpoints, and render a dashboard. They do not reference other system files, other skills' configs, or external endpoints beyond GitHub (no obfuscated endpoints or unexpected network sinks). The instructions are scoped and explicit about authentication and the manual plan configuration requirement.
Install Mechanism
There is no install spec — the skill is instruction+script-based and does not download or install remote code. Scripts rely on standard user tools (gh, python3, bash) already present on developer systems; nothing writes or extracts arbitrary archives.
Credentials
No declared environment variables, which is consistent. The only credential requirement is a GitHub classic Personal Access Token (via gh) with manage_billing:copilot and user scopes — this is necessary for billing endpoints but is a sensitive scope (billing access). The SKILL.md correctly warns fine-grained tokens aren't supported. Users should be aware this requires granting billing privileges to gh.
Persistence & Privilege
The skill does persist a small config file in ~/.config/copilot-usage/config.json to store the user's plan and quota; this is reasonable and documented. always:false and no changes to other skills or global settings are performed.
Assessment
This skill appears to do exactly what it says: call GitHub's Copilot billing API via the official gh CLI and show a local dashboard. Before installing or running: (1) review the scripts yourself — they will run locally and create ~/.config/copilot-usage/config.json; (2) understand you must authenticate gh with a classic PAT granting manage_billing:copilot and user scopes (billing scopes are sensitive — only grant to tokens you control); (3) gh stores auth state locally, so avoid running if you cannot protect that credential; (4) the plan quota is stored locally because the GitHub API doesn't provide it — keep that config private; and (5) if you don't want to grant billing scopes, do not run the scripts. Otherwise the skill is coherent and limited to the expected billing queries.Like a lobster shell, security has layers — review code before you run it.
latestvk97e6xdsg7k5agn3edqwarysdh84f01k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.