Token Ledger (SQLite)
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill is mostly transparent and purpose-aligned, but it creates a local persistent token ledger and optionally runs a background watcher over OpenClaw session logs, so users should review those local data and persistence choices.
This appears safe for its stated purpose if you want a local OpenClaw token/cost ledger. Run the one-shot mode first, review the LaunchAgent plist before installing the daemon, and treat the generated ledger database as private usage and cost metadata.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed, the watcher can keep running in the background and continuously update the local ledger from OpenClaw session logs.
The skill explicitly supports a long-running background watcher. This is disclosed and purpose-aligned, but it means the skill can continue processing local session logs after setup.
A **watcher daemon** that tails OpenClaw session JSONL files and writes usage into SQLite (near-real-time).
Use the one-shot backfill first if possible, install the daemon only if continuous tracking is desired, and use the documented unload command to stop it.
The ledger may reveal model usage, session identifiers, token counts, and cost patterns to anyone with access to the local account/files.
The skill persistently stores derived usage/cost records from local OpenClaw session files. The storage is local and aligned with the purpose, but it creates a durable record of session/model/cost metadata.
SQLite DB: `~/.openclaw/ledger.db` ... Sessions JSONL source: `~/.openclaw/agents/main/sessions/*.jsonl`
Treat ~/.openclaw/ledger.db as private financial/session metadata and protect or delete it according to your retention needs.
The documented daemon install may fail or may depend on a LaunchAgent template not shown in the provided artifact set.
The renderer expects a LaunchAgent plist template, but the file manifest provided for review does not include that plist. Because the plist defines the persistent daemon configuration, users should inspect it if present before loading it.
Path(__file__).with_name('com.openclaw.token-ledger-watcher.plist').read_text()Before running launchctl load, confirm the plist file exists and verify it only runs the intended ledger_watcher.py command with expected user-level settings.