Token Stats Reporter
v1.3.0Generate and append accurate token/cost statistics in replies with a reproducible local algorithm (snapshot+incremental log aggregation + dedupe). Use when u...
⭐ 0· 81·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's description (generate token/cost stats) matches its actions: it reads local session jsonl files and aggregates usage, and writes local state/counter files. Minor mismatch: SKILL.md tells the agent to run a hardcoded path (/home/admin/.openclaw/...), while the bundled script contains portable path-detection logic; this could cause the documented invocation to fail on systems where that exact path doesn't exist.
Instruction Scope
Instructions are narrow and specific: run the bundled Python script immediately before sending replies, append one exact token line, and fail-closed if the script fails. The script only reads local session logs (~/.openclaw/agents/main/sessions) and updates workspace/memory state. This is within scope for token reporting, but noteworthy because the skill will block sending messages if the script fails (operational impact) and it reads full conversation logs (sensitive data) — however it does not network-out or request extra credentials.
Install Mechanism
No install spec; skill is instruction-only with a bundled Python script. There are no network downloads or external package installs, and the script is present in the skill bundle. Low install risk.
Credentials
The skill requests no environment variables or credentials, which is appropriate. It does require read access to session log files (conversation transcripts) and write access to its own workspace/memory files — this access is necessary for its purpose but involves exposure of conversation contents, so consider privacy implications.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes state and counter files under its own workspace/memory directory (token-agg-state.json, token-counter.json), which is expected for aggregation state.
Assessment
This skill appears to do what it claims: it reads local conversation logs to compute token and cost stats and writes local state files. Before installing, verify (1) you are comfortable that the script will read your ~/.openclaw/agents/main/sessions logs (these contain user/assistant messages), (2) the hardcoded run path in SKILL.md matches your install location or update the invocation to the actual script path, (3) you are okay with the skill's fail-closed behavior (it can block sending messages if the script fails), and (4) you review the bundled script (it is local and contains no network calls). Consider testing in a non-production instance first and backing up session/state files.Like a lobster shell, security has layers — review code before you run it.
latestvk979q7vh0ckc3t9gtm8hg5qqa98491r8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.