Token Cost Monitor

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is mainly cost-monitoring guidance with a harmless price-reference script, though users should notice optional examples that send cost summaries to Slack or email.

This appears safe to install as a cost-reference and cost-optimization guidance skill. Before using alert integrations, confirm where summaries will be sent and avoid exposing private spending or task information to untrusted channels.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you follow the alert integration examples, spending information may be shared with Slack, Discord, or email recipients.

Why it was flagged

The skill documents optional webhook and email alert examples that would transmit cost summaries to external services if the user chooses to configure them.

Skill content

curl -X POST https://hooks.slack.com/services/YOUR/WEBHOOK/URL ... "Daily OpenClaw cost: $5.00 (Budget: $10.00)"

Recommendation

Only configure alerts to trusted destinations, avoid including sensitive task details in messages, and do not treat the local-only privacy statement as applying once you enable external alert examples.