Balance Checker
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and configured, the skill can use your provider credentials to read billing/balance information for the configured accounts.
The skill can read local OpenClaw configuration files to obtain Volcengine credentials. This is purpose-aligned and bounded to named credential keys, but it is still sensitive account access.
config_paths = [home / ".openclaw" / "openclaw.json", home / ".openclaw" / "clawdbot.json"] ... access_key = env_config.get('VOLCENGINE_ACCESS_KEY')Use only the provider keys you want this skill to access, prefer least-privilege/read-only billing credentials where available, and avoid placing unrelated secrets in config files accessible to skills.
Running the optional setup may install whatever current SDK version is available and may fail or behave inconsistently because the referenced helper filenames are absent.
The optional setup installs an unpinned Python dependency and references helper scripts that are not included in the manifest. This is related to the stated Volcengine feature, but users should be aware of dependency provenance and setup consistency.
pip install --upgrade pip pip install volcengine-python-sdk chmod +x volcengine_balance.sh chmod +x setup.sh
Review the setup script before running it, consider pinning the SDK version, and fix or remove stale references to missing helper scripts.