Openclaw Cost Tracker

Security checks across malware telemetry and agentic risk

Overview

This skill transparently reads local OpenClaw session logs to summarize token usage and costs, with no evidence of hidden network access, credential use, or destructive behavior.

Install only if you are comfortable with a local tool reading OpenClaw session history to calculate spend. Verify the separate openclaw-cost-diff or ocost executable before relying on it, and treat JSON/dashboard exports as potentially sensitive because they can reveal usage timing, models, and cost patterns.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 91%
Finding
The script recursively scans local OpenClaw session files under the user's home or OPENCLAW_HOME directory and extracts usage/cost metadata without any explicit user-facing disclosure beyond CLI behavior. While this does not appear to exfiltrate data or access especially sensitive secrets, it can still surprise users by processing local activity records that may reveal model usage patterns, timing, and operational history.

VirusTotal

65/65 vendors flagged this skill as clean.
