ClawHub

Token Usage

v0.2.2

Multi-agent token burn analysis across all registered OpenClaw agents

0· 104·0 current·0 all-time
by@panthrocorp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description align with its actions: it enumerates ~/.openclaw/agents/, reads sessions/sessions.json, aggregates token and cost fields, and reports summaries. There are no unrelated required binaries, env vars, or installs.
Instruction Scope
Instructions are narrowly scoped to files under the user's OpenClaw home (~/.openclaw). The only non-reporting action is appending one JSON line to ~/.openclaw/workspace/memory/token-usage-history.ndjson (persistence described in Step 7). The SKILL.md explicitly states that the append runs every time the skill runs — this is expected for a history feature but worth noting.
Install Mechanism
Instruction-only skill with no install steps and no code files — minimal surface area and nothing new is written to disk beyond the declared history file append.
Credentials
The skill requests no environment variables, no credentials, and no external config paths beyond the OpenClaw workspace; required access is proportional to the stated task.
Persistence & Privilege
The skill persists a single NDJSON record to ~/.openclaw/workspace/memory/token-usage-history.ndjson on every run. always:false (not force-enabled) and no external network activity are good, but because model invocation is allowed by default, an autonomously-invoked run could write this history without a separate explicit user prompt.
Assessment
This skill is coherent with its purpose: it reads OpenClaw agent session files (~/.openclaw/agents/*/sessions/sessions.json), produces aggregated reports, and appends one history line to ~/.openclaw/workspace/memory/token-usage-history.ndjson. It does not request credentials, install software, or send data externally. Before installing or allowing autonomous use, decide whether you are comfortable with the skill creating/appending the local history file (it will do so on every run). If you want to be cautious: (1) inspect the sessions.json files to confirm they don't contain unexpected sensitive data, (2) run the skill manually once rather than allowing autonomous invocation, or (3) disable autonomous invocation for the skill so it cannot run without your explicit request.

Like a lobster shell, security has layers — review code before you run it.

latestvk974n6wb4wpr7q24b1kayrgnws84fc40

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔥 Clawdis
OSLinux

Comments