ClawHub

Session Cost

v1.0.4

Analyze OpenClaw session logs to report token usage, costs, and performance metrics grouped by agent and model. Use when the user asks about API spending, to...

1· 2.1k·7 current·7 all-time
byKevin Haney@khaney64
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description state: analyze OpenClaw session logs for token/cost metrics. The shipped script reads ~/.openclaw/agents/*/sessions/*.jsonl (or a user-specified path) and computes token/cost summaries. Required binary 'node' is appropriate and proportional.
Instruction Scope
SKILL.md and the script explicitly instruct the agent to read session .jsonl files and produce summaries. The behavior is narrowly scoped to reading session logs; options allow filtering by agent, provider, or directory. The skill does read arbitrary .jsonl files in any path you pass with --path, which is expected for this utility but means you should not point it at directories containing unrelated sensitive data.
Install Mechanism
There is no install spec; this is instruction-plus-script and requires an existing node binary. No remote downloads, package installs, or archive extraction are present.
Credentials
The skill declares no environment variables or credentials and the code does not access global env secrets. It only reads filesystem paths (defaulting to the user's home .openclaw agents folder). No requests for unrelated tokens/keys detected.
Persistence & Privilege
always is false and the skill does not modify other skills, agent configuration, or system-wide settings. The script is read-only (reads files) and does not persist privileged configuration.
Assessment
This skill appears to do what it says: it reads OpenClaw session .jsonl logs (by default under ~/.openclaw/agents/) and computes token/cost summaries. It requires node to run. Before installing or running: (1) confirm you trust the machine-local .jsonl files being read (don't point --path at directories with unrelated sensitive data), (2) review the script if you want to be sure it won't be modified to exfiltrate data, and (3) run it locally (not on a multi-tenant system) if logs contain sensitive information. Note: the agent can invoke the skill autonomously (normal default), so if you enable autonomous behaviors be aware it may run the script without prompting.

Like a lobster shell, security has layers — review code before you run it.

1.0.0vk979am5en22v3cx21v20c3w47d80qbswlatestvk97fgfhapze0xjv2thd8dvng0x83dxcg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
Binsnode

Comments