Billing Monitor

v1.0.2

Monitor for API billing errors and alert the owner and admin immediately. Use when: an API billing error is detected, a peer PA reports a billing error, or d...

⭐ 0· 123·1 current·1 all-time

byNetanel Abergel@netanel-abergel

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for netanel-abergel/billing-monitor.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Billing Monitor" (netanel-abergel/billing-monitor) from ClawHub.
Skill page: https://clawhub.ai/netanel-abergel/billing-monitor
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install billing-monitor

ClawHub CLI

Package manager switcher

npx clawhub@latest install billing-monitor

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill claims to monitor billing and alert/auto-switch models — that purpose legitimately requires provider API keys (OpenAI/Anthropic/Google), notification targets (owner/admin phones or channels), and a fallback config. However the registry metadata lists no required env vars, no required config paths, and no primary credential. This is inconsistent: the instructions clearly depend on ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY, OWNER_PHONE/ADMIN_PHONE (or a sourced context file) and config/billing-fallback.json.

Instruction Scope

The SKILL.md tells the agent to source /opt/ocana/openclaw/workspace/skills/billing-monitor/.context (which may contain sensitive secrets), to check several environment variables for provider keys, to run curl against provider APIs, to call `openclaw config set model` (modifying agent config), and to write logs under $HOME/.openclaw. Sourcing an absolute /opt path and modifying agent configuration are beyond what a minimal 'notification' skill should do and are not reflected in declared requirements.

✓

Install Mechanism

Instruction-only skill with no install spec and no code files. This reduces supply-chain risk because nothing new is downloaded or written by an installer. The runtime actions still read/write local files and run commands, but there is no separate install mechanism to evaluate.

Credentials

The skill will access multiple sensitive env vars (ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_API_KEY) and expects notification contact info (OWNER_PHONE, ADMIN_PHONE) and a fallback config file. Those are proportionate to the stated purpose, but the metadata does not declare them — the skill does not advertise it needs these credentials. Also the health-check script reads provider keys from the environment and will perform network calls using them, which should be explicitly declared.

ℹ

Persistence & Privilege

always:false (normal) and autonomous invocation allowed (default). The skill instructs modifying the agent's model setting via `openclaw config set model` (its own agent config), which can be reasonable for an auto-fallback, but combined with the undocumented sourcing of /opt/.../.context and reading of env vars it increases the blast radius. No evidence the skill tries to persist beyond its own config (no 'always:true' or other privilege escalation), but clarify the scope of the context file and confirm this skill only writes its own logs/config.

What to consider before installing

Before installing, ask the publisher to: (1) update the skill metadata to list all required environment variables and config paths (provider API keys, owner/admin contacts, billing-fallback.json, any .context file path); (2) explain why the skill needs to source /opt/ocana/.../.context and what data that file contains (avoid sourcing arbitrary system-wide files with secrets); (3) confirm that `openclaw` is available on the target system and document what `openclaw config set model` changes and whether it affects other agents; (4) Restrict who can run the health-check cron and ensure logs/credentials are stored with least privilege; and (5) test in a sandboxed agent (no production credentials, use test keys) to verify behavior. If the publisher cannot justify the undocumented env vars and absolute paths, treat this as higher risk and do not install in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk9765bsvbm6p7t0kfvfjj26vrn847fdk

123downloads

0stars

3versions

Updated 3w ago

v1.0.2

MIT-0

Billing Monitor Skill

Load Local Context

CONTEXT_FILE="/opt/ocana/openclaw/workspace/skills/billing-monitor/.context"
[ -f "$CONTEXT_FILE" ] && source "$CONTEXT_FILE"
# Then use: $OWNER_PHONE, $ADMIN_PHONE, $BILLING_LOG, $BILLING_FALLBACK_CONFIG, etc.

Minimum Model

Any model. Detection and alerting are rule-based. No reasoning required.

When to Run This Skill

Run when you see ANY of these in an API response:

your API key has run out of credits
insufficient balance
billing_error
payment_required
exceeded your current quota
HTTP 402
"type": "billing_error"

When NOT to Alert the Owner

Routine billing check completed with no errors → silent, no message
HTTP 200 / all clear → silent, no message
ElevenLabs 401 (auth, not billing) → silent unless TTS is actively needed

Only alert the owner if:

HTTP 402 detected (out of credits)
LLM is unreachable and the agent cannot function
A peer PA reports a billing error

Routine health checks run silently. The owner does not need a "billing OK" message.

NOTE (Production): Netanel uses a proxy — billing-health-check cron has been REMOVED as not relevant. Only alert on actual API failure detected during real usage.

Response Steps (Run in Order)

Step 1 — Notify Owner

Send via WhatsApp (or preferred channel):

⚠️ Billing issue — I can't respond normally.
My API key ran out of credits (or was rate-limited).
Please top up or switch my API key in agent settings.

Step 2 — Notify Admin

[PA Name] has a billing error.
Owner: [Owner Name]
Action: top up API credits or reassign key.
Time: [current timestamp]

Step 3 — Switch to Fallback Model

Check if config/billing-fallback.json exists
If yes → read the fallback_model field
Run: openclaw config set model "$FALLBACK_MODEL"
If the command fails → tell owner: "Auto-switch failed — please update model manually in agent settings"
Notify owner: "Switched to [Fallback Model] temporarily while primary key is resolved"

If billing-fallback.json doesn't exist → skip this step and tell admin to configure it.

Step 4 — Log the Incident

LOG_DIR="$HOME/.openclaw/workspace/logs"
mkdir -p "$LOG_DIR"

# Append one line to the log file
echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) BILLING_ERROR api_key_exhausted" \
  >> "$LOG_DIR/billing-incidents.log"

Health Check Script

Run this during heartbeat to catch billing issues before they cause failures:

#!/bin/bash
# billing-check.sh
# Checks the LLM provider API key configured in env vars

set -e

LOG_DIR="$HOME/.openclaw/workspace/logs"
mkdir -p "$LOG_DIR"
TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)

# Detect provider from env vars (check in order)
if [ -n "${ANTHROPIC_API_KEY:-}" ]; then
  PROVIDER="Anthropic"
  HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
    -H "x-api-key: ${ANTHROPIC_API_KEY}" \
    -H "anthropic-version: 2023-06-01" \
    -H "content-type: application/json" \
    -d "{\"model\":\"claude-haiku-20240307\",\"max_tokens\":1,\"messages\":[{\"role\":\"user\",\"content\":\"ping\"}]}" \
    https://api.anthropic.com/v1/messages 2>/dev/null)

elif [ -n "${OPENAI_API_KEY:-}" ]; then
  PROVIDER="OpenAI"
  HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
    -H "Authorization: Bearer ${OPENAI_API_KEY}" \
    -H "content-type: application/json" \
    -d "{\"model\":\"gpt-4o-mini\",\"max_tokens\":1,\"messages\":[{\"role\":\"user\",\"content\":\"ping\"}]}" \
    https://api.openai.com/v1/chat/completions 2>/dev/null)

elif [ -n "${GOOGLE_API_KEY:-}" ]; then
  PROVIDER="Google"
  HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
    "https://generativelanguage.googleapis.com/v1beta/models?key=${GOOGLE_API_KEY}" 2>/dev/null)

else
  echo "$TIMESTAMP SKIP no API key env var found" >> "$LOG_DIR/billing-incidents.log"
  exit 0
fi

# Act on the HTTP status code
case "$HTTP_STATUS" in
  200)
    echo "$TIMESTAMP OK $PROVIDER" >> "$LOG_DIR/billing-incidents.log"
    ;;
  402)
    echo "$TIMESTAMP BILLING_ERROR $PROVIDER HTTP_402" >> "$LOG_DIR/billing-incidents.log"
    echo "BILLING ERROR — run the 4-step response protocol above"
    exit 1
    ;;
  401)
    echo "$TIMESTAMP AUTH_ERROR $PROVIDER HTTP_401" >> "$LOG_DIR/billing-incidents.log"
    echo "AUTH ERROR — invalid API key, notify admin"
    exit 1
    ;;
  429)
    echo "$TIMESTAMP RATE_LIMITED $PROVIDER HTTP_429" >> "$LOG_DIR/billing-incidents.log"
    echo "RATE LIMITED — wait 60 seconds and retry. Not a billing issue."
    exit 2
    ;;
  *)
    echo "$TIMESTAMP UNKNOWN $PROVIDER HTTP_$HTTP_STATUS" >> "$LOG_DIR/billing-incidents.log"
    echo "UNKNOWN ERROR HTTP $HTTP_STATUS"
    exit 1
    ;;
esac

HTTP status meanings:

200 → OK
402 → Billing error → run 4-step protocol
401 → Invalid key → notify admin
429 → Rate limit (temporary) → wait and retry, do NOT trigger billing protocol

Fallback Config File

Create config/billing-fallback.json in your workspace:

{
  "primary_provider": "your-primary-provider",
  "primary_model": "your-primary-model",
  "fallback_provider": "your-fallback-provider",
  "fallback_model": "your-fallback-model",
  "admin_phone": "+1XXXXXXXXXX",
  "alert_channel": "whatsapp"
}

Replace placeholders with real values. Examples:

Anthropic → OpenAI: "primary_provider": "anthropic", "primary_model": "claude-haiku-20240307", "fallback_provider": "openai", "fallback_model": "gpt-4o-mini"

Recovery (After Credits Restored)

Owner confirms credits are topped up.

Read the primary model name from config:

PRIMARY=$(python3 -c "
import json
with open('config/billing-fallback.json') as f:
    print(json.load(f)['primary_model'])
")

Switch back to primary:
```
openclaw config set model "$PRIMARY"
```

Log the recovery:

echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) BILLING_RESTORED" \
  >> ~/.openclaw/workspace/logs/billing-incidents.log

Notify owner: "✅ Primary model restored. Normal service resumed."

Edge Cases

Scenario	Action
429 rate limit	Wait 60s, retry. Do NOT trigger billing protocol.
5xx server error	Retry 2x with 10s delay. If persists → notify owner.
Both primary AND fallback billing errors	Escalate to admin immediately. Agent cannot function.
No API key env var set	Log as config issue. Notify admin.
Peer PA reports billing error	Log it. Notify admin if you are the network coordinator.

Cost Tips

Cheap: Health checks with curl — no LLM cost at all
Expensive: Running health checks too frequently wastes money. Every 2 hours is enough.
Batch: Combine billing check with other heartbeat checks in one script run
Small model OK: This skill needs no reasoning — any model can send a notification message

Running via Cron (Recommended)

Instead of a plugin, run billing-monitor as a scheduled skill via cron:

{
  "id": "billing-health-check",
  "schedule": { "kind": "cron", "expr": "0 * * * *", "tz": "UTC" },
  "sessionTarget": "isolated",
  "payload": {
    "kind": "agentTurn",
    "message": "Run the billing-monitor skill: check all configured API keys for billing errors. If any provider returns 402, send an alert to the admin phone and update billing-status.json. Reply HEARTBEAT_OK if all clear."
  },
  "delivery": { "mode": "silent" }
}

This runs every hour and alerts automatically — no plugin required.

Comments

Loading comments...