Agent Audit

v1.0.0

Audit your AI agent setup for performance, cost, and ROI. Scans OpenClaw config, cron jobs, session history, and model usage to find waste and recommend opti...

by sharbel (@sharbelayy)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description match the code and SKILL.md: the skill reads OpenClaw config, enumerates agents/crons, classifies tasks, and estimates cost using an embedded pricing table. It does not request unexpected credentials or binaries.
Instruction Scope
SKILL.md and the script instruct the agent to read OpenClaw config files (e.g. ~/.openclaw/openclaw.json) and cron run history/session history. The shipped script reads local config and contains placeholders for cron API calls; pulling remote provider billing would require extra permissions not requested here. This is within scope for an audit tool, but 'pull session history' and 'cron API access' are ambiguous and may require additional explicit permissions when fully enabled.
Install Mechanism
Instruction-only skill with no install spec and one readable Python script. No downloads, no package installs, and no extract/run of remote code are present.
Credentials
The skill declares no environment variables, no credentials, and no config paths beyond OpenClaw locations. The required access (reading OpenClaw config and local cron history) is proportionate to the stated purpose. It does not request cloud provider credentials (note: that would be needed for billing-level accuracy, but the skill does not claim to use them).
Persistence & Privilege
The skill is not always-enabled and does not modify system or other skills' configs. SKILL.md states it is read-only and the code does not persist changes.
Assessment
This skill appears to be what it says: a read-only audit that reads your OpenClaw config and (when available) cron/session history to estimate token usage and recommend model tier changes. Before running:
(1) review scripts/audit.py yourself (it runs locally and will read files under ~/.openclaw and related config locations);
(2) run with --dry-run and --output to inspect results without making changes (the tool claims it never writes config automatically);
(3) be aware that the tool estimates costs using the included pricing table — it does not access provider billing APIs or require API keys, so its cost estimates are approximate unless you supply cron/session histories that include accurate token counts;
(4) if you plan to grant it access to an OpenClaw cron API or other telemetry, understand what those endpoints expose (session contents, logs, or tokens may contain sensitive data).
If you want absolute assurance, run the script in a safe environment or audit the code line-by-line; otherwise the skill is coherent and proportionate for its purpose.

Like a lobster shell, security has layers — review code before you run it.
