Session Cost
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: session-cost Version: 1.0.5 The session-cost skill is a legitimate utility designed to analyze local OpenClaw session logs for token usage and cost reporting. The primary script, scripts/session-cost.js, uses standard Node.js modules to read and aggregate data from .jsonl files within the ~/.openclaw/agents/ directory, with no evidence of network exfiltration, unauthorized file access, or malicious execution patterns.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Session logs can reveal historical agent activity, model usage, costs, timestamps, and session identifiers, even if the visible code focuses on metrics rather than message content.
The skill intentionally reads persistent OpenClaw session logs across agents to calculate usage and cost metrics.
By default, scans all agents in `~/.openclaw/agents/`. Each agent's sessions are read from `~/.openclaw/agents/<name>/sessions/`.
Use the provided filters such as --agent and --offset when you want a narrower report, and avoid sharing detailed or JSON output if usage history or session identifiers are sensitive.
If a broad custom directory is supplied, the skill may process more local JSONL files than intended.
The script accepts a user-supplied path and recursively reads matching .jsonl files under that directory.
args.path = argv[++i]; ... if (entry.isDirectory()) { walk(fullPath); } else if (entry.isFile() && entry.name.endsWith('.jsonl')Only pass trusted, narrowly scoped directories to --path; prefer the default OpenClaw sessions location or explicit --agent/--offset filters for routine cost reports.