Cost Guardian
v1.0.0
Track, analyze, and optimize AI and infrastructure costs with budgeting, spend forecasts, token usage scans, and optimization suggestions.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (cost tracking, token scans, budgets) align with the included script and SKILL.md: the script stores costs, scans gateway log directories for token usage, produces reports and budgets. No unrelated credentials or services are requested.
Instruction Scope
Instructions are specific to running the bundled Python script and its subcommands (init, track, scan-tokens, report, optimize). The script reads log files from a small set of expected OpenClaw gateway/log locations (e.g., ~/.openclaw/logs, /var/log/openclaw). This is expected for token scanning but means it will read any files found there — those logs can contain sensitive data, so verify the log paths before running.
Install Mechanism
No install spec — instruction-only plus a pure-Python script that uses only the stdlib. Nothing is downloaded or written outside the user's data directory (~/.openclaw/workspace/costs/) except where it reads logs. This is low-risk for supply-chain installs.
Credentials
The skill does not require credentials or privileged environment variables. It honors COST_GUARDIAN_DIR if set and uses NO_COLOR for output; these are reasonable and limited. No unrelated secrets are requested.
Persistence & Privilege
Does not request always:true or system-wide privileges. It stores its database and config under ~/.openclaw/workspace/costs/ and creates files there when initialized — this is consistent with its purpose.
Assessment
This skill appears coherent for cost tracking and token-scanning. Before installing or running it: (1) review the full scripts/cost-guardian.py source yourself (or in a sandbox) to confirm there are no unexpected network calls or obfuscated code; (2) confirm the gateway log paths it will scan (default ~/.openclaw/logs and /var/log/openclaw) so it does not read unrelated sensitive logs; (3) run init and first scans with limited filesystem permissions if possible; (4) back up any existing ~/.openclaw/workspace/costs/ data you care about. If you need higher assurance, request a full trace of any network activity the script performs when executed.
Like a lobster shell, security has layers — review code before you run it.
