Drip OpenClaw Billing
v1.1.1Add usage metering and billing telemetry to OpenClaw agents using Drip. Use when you need per-run cost attribution, tool-call usage tracking, and customer-le...
⭐ 2· 485·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description match the behavior in SKILL.md and references (start_run, events, usage, end_run). Requested credentials (DRIP_API_KEY, OPENCLAW_IDENTITY_TOKEN) and optional DRIP_BASE_URL/DRIP_WORKFLOW_ID are appropriate for a telemetry/billing integration. One minor inconsistency: the registry summary at the top of the package metadata states 'Required env vars: none', while SKILL.md and _meta.json list several env vars — confirm which is authoritative.
Instruction Scope
SKILL.md confines instructions to telemetry operations (start run, emit events, track usage, end run) and explicitly forbids sending raw prompts, outputs, credentials, or PII. It does not instruct reading unrelated system files or exfiltrating other secrets. The Node/Python examples assume existing Drip SDKs but do not include explicit dependency installation or commands to collect extra system context — verify SDK availability on your agent runtime.
Install Mechanism
This is an instruction-only skill with no install spec or code — low risk because nothing is written to disk by the skill itself. Note: SKILL.md references npm/@drip-sdk and a Python 'drip' package but the skill provides no dependency list or install steps for those SDKs (other than 'clawhub install' - which may be platform-managed). Confirm how the runtime will provide the SDKs before relying on the examples.
Credentials
The only environment/credential requirements (DRIP_API_KEY and alternate OPENCLAW_IDENTITY_TOKEN, plus optional base URL and workflow id) are proportionate to a billing/telemetry integration. All listed env vars are reasonable for the stated purpose. The SKILL.md marks them optional; verify whether your deployment requires them and prefer least-privilege/scoped keys as recommended.
Persistence & Privilege
No elevated privileges requested: always:false, user-invocable:true, and there is no indication the skill modifies other skills or system-wide configs. The skill does not request persistent system presence beyond being invoked by the agent.
Assessment
This skill appears to do exactly what it says: send run, event, and usage telemetry to Drip. Before installing: 1) Confirm which metadata is authoritative (the registry summary said 'no required env vars' but SKILL.md/_meta.json list DRIP_API_KEY and others). 2) Use a scoped, least-privilege DRIP_API_KEY (or the lightweight OPENCLAW_IDENTITY_TOKEN) and avoid giving any key that allows full account control. 3) Verify the Drip SDKs referenced in the examples are available in your agent runtime or supply/install them in a controlled way. 4) Validate in staging that the agent never sends raw prompts, model outputs, credentials, or PII (the skill requests this, but enforcement depends on your instrumentation). 5) Review the concrete Drip endpoints you will be posting to (DRIP_BASE_URL) and confirm you trust that service and its retention/processing policies. If you want higher assurance, ask the publisher for the actual SDK/package sources or a link to the Drip API docs/owner homepage before deploying in production.Like a lobster shell, security has layers — review code before you run it.
latestvk97fm97pzktbvb0qh8fkb17eyh83yfw2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.