ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Daily Cost Report

v1.0.0

Generate detailed daily OpenClaw cost reports by agent, model, and channel, with HTML email formatting and optional automated delivery.

0· 201·1 current·1 all-time
byKarl Varga@kjvarga

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kjvarga/daily-cost-report.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Daily Cost Report" (kjvarga/daily-cost-report) from ClawHub.
Skill page: https://clawhub.ai/kjvarga/daily-cost-report
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install daily-cost-report

ClawHub CLI

Package manager switcher

npx clawhub@latest install daily-cost-report
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The scripts implement an OpenClaw session-based cost reporter and emailer, which matches the skill name/description. However, SKILL.md declares a required env var OPENAI_API_KEY even though none of the shipped scripts use it; the registry metadata also lists no required envs. That mismatch is incoherent and should be explained by the author.
Instruction Scope
Runtime instructions ask the agent to exec the included bash scripts (expected for this type of skill). The scripts call 'openclaw sessions --all-agents --json', parse session data, format reports, and use the local 'mail' command to send HTML. They only read OpenClaw session output, temporary files (/tmp), and user information via 'whoami' — there are no external network endpoints or opaque data-collection steps in the scripts themselves. The SKILL.md does show manual exec examples which will run arbitrary shell commands on the host when invoked; that's normal for local script-based skills but increases risk if the scripts are modified.
Install Mechanism
Instruction-only skill with no install spec (scripts only). This lowers install-time risk because nothing is downloaded/executed at install time. The scripts assume certain binaries are present (openclaw CLI, jq, awk, mail) but do not install anything themselves.
!
Credentials
The SKILL.md lists OPENAI_API_KEY under requires.env but the code does not use this variable; the registry metadata shows no required envs. Other environment/config access is limited: the scripts reference $HOME and expect the OpenClaw CLI at $HOME/homebrew/bin/openclaw (hardcoded PATH modification). Requesting an unrelated API key or declaring it as required is disproportionate and may be an artifact or mistake.
Persistence & Privilege
The skill does not request always: true and does not attempt to modify other skills or system-wide settings. SKILL.md suggests a cron job entry in ~/.openclaw/cron/jobs.json as an example; scheduling is optional and not enforced by the skill.
Scan Findings in Context
[unicode-control-chars] unexpected: The static scan detected unicode control characters in SKILL.md; these can be used for prompt-injection or to hide content. There is no legitimate reason visible in the scripts for hidden characters, so this warrants inspection of the SKILL.md source for concealed instructions or obfuscation.
What to consider before installing
What to check before installing: - Ask the author why SKILL.md declares OPENAI_API_KEY even though the scripts don't use it; remove that requirement if it's unused. Unexplained credential requirements are a red flag. - Inspect the SKILL.md source for hidden/Unicode control characters (the scanner flagged unicode-control-chars). Open the file in a hex-aware editor or run a sanitizer to reveal hidden characters. - Verify the OpenClaw CLI path expected by scripts ($HOME/homebrew/bin/openclaw). If your openclaw binary is elsewhere, update the script to point to the correct path or ensure PATH is set safely. - Review and test scripts in a safe/isolated environment (or a non-production account) first. Run the report generation step without sending mail to validate outputs (daily-cost-report.sh). The send script uses the local mail command; ensure your mail agent is configured and that sending to external addresses is intended. - If you plan to schedule automation, review the cron/job JSON example carefully and ensure the agent permissions and delivery channel settings (e.g., Telegram phone number) are appropriate. - If you have limited security expertise, ask the maintainer to: (1) remove unrelated env declarations, (2) confirm there are no hidden chars, and (3) add a quick self-check that the openclaw binary exists or fail with a clear error. These clarifications would raise confidence and could change the verdict to benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b98ds49pnhrf4g84yd2bsth836v6e
201downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
Karl Varga@kjvarga
latest
Download

Daily Cost Report 📊

Generate comprehensive OpenClaw usage and cost reports with breakdowns by agent, model, and channel. Supports both on-demand analysis and automated daily email delivery.

Quick Start

# Generate report for yesterday (markdown)
{baseDir}/scripts/daily-cost-report.sh yesterday

# Generate report for a specific date
{baseDir}/scripts/daily-cost-report.sh 2026-03-18

# Generate report for today
{baseDir}/scripts/daily-cost-report.sh today

# Generate HTML-formatted email report
{baseDir}/scripts/daily-cost-report-email.sh yesterday

# Send email report to recipient
{baseDir}/scripts/send-cost-report.sh kjvarga@gmail.com yesterday

What It Does

The daily cost report analyzes OpenClaw session data for a specified date range and generates:

  • Total cost and token usage across all agents, models, and channels
  • Per-agent breakdown showing which agents consumed the most resources
  • Per-model breakdown showing cost distribution across Claude models, Deepseek, GPT, etc.
  • Per-channel breakdown showing usage from Telegram, CLI, web, etc.
  • Top sessions by cost identifying the most expensive individual sessions
  • Prompt cache metrics showing cache write/read tokens and cost savings

Reports use the current pricing for:

  • Claude Haiku 4.5
  • Claude Sonnet 4.5
  • Claude Opus 4.6
  • Deepseek V3.2
  • OpenAI GPT-4o-mini

Cache pricing (read/write) is factored into cost calculations.

Scripts

daily-cost-report.sh

Core report generator. Queries OpenClaw sessions via openclaw sessions --all-agents --json, filters by date range, calculates costs using model-specific pricing, and generates markdown output.

Output: /tmp/cost-report-YYYY-MM-DD.md

daily-cost-report-email.sh

Wraps the markdown report in an HTML email template with styled tables, summary metrics, and visual hierarchy.

Output: /tmp/cost-report-YYYY-MM-DD.html

send-cost-report.sh

Sends the HTML report via email using the mail command. Falls back to saving the file if mail delivery fails.

Usage: send-cost-report.sh <recipient-email> [date]

Cron Usage

The daily cost report is typically scheduled as a cron job in ~/.openclaw/cron/jobs.json:

{
  "id": "daily-cost-report",
  "agentId": "worker",
  "name": "main-daily-cost-report",
  "enabled": true,
  "schedule": {
    "kind": "cron",
    "expr": "0 8 * * *",
    "tz": "America/Vancouver"
  },
  "sessionTarget": "isolated",
  "wakeMode": "now",
  "payload": {
    "kind": "agentTurn",
    "message": "Generate yesterday's cost report and send to kjvarga@gmail.com"
  },
  "delivery": {
    "mode": "announce",
    "channel": "telegram",
    "to": "7918443630"
  }
}

The cron job invokes the skill, which then calls the appropriate scripts.

Manual Invocation from Agent

When Karl asks for a cost report:

# From any agent with exec access
exec(command: "bash ~/.openclaw/workspace/skills/daily-cost-report/scripts/daily-cost-report.sh yesterday")

# Or to generate and send email
exec(command: "bash ~/.openclaw/workspace/skills/daily-cost-report/scripts/send-cost-report.sh kjvarga@gmail.com yesterday")

Report Format

The report includes:

  1. Summary section - Total cost, tokens, cache metrics, savings
  2. Cost by Agent - Which agents are most active/expensive
  3. Cost by Model - Model-level resource consumption
  4. Cost by Channel - Usage by Telegram, CLI, web, etc.
  5. Top Sessions - Highest-cost individual sessions

All monetary values are in USD with 4 decimal precision. Token counts are formatted with thousands separators for readability.

Date Handling

Scripts accept:

  • yesterday (default) - Previous calendar day
  • today - Current calendar day
  • YYYY-MM-DD - Specific date

Date parsing is compatible with both macOS (date -v-1d) and Linux (date -d "yesterday").

Requirements

  • OpenClaw CLI: openclaw sessions --all-agents --json
  • jq for JSON processing
  • awk for aggregation
  • mail command (for email delivery)
  • bash 4+ (for associative arrays)

Cost

This skill costs nothing — it only reads session metadata that OpenClaw already tracks. No external API calls.

Example Output

# OpenClaw Daily Cost Report 🐈‍⬛
**Date:** 2026-03-18  
**Generated:** 2026-03-19 08:00:00 PDT

---

## Summary

| Metric | Value |
|--------|-------|
| **Total Cost** | $2.4567 |
| **Total Tokens** | 1,234,567 |
| **Input Tokens** | 987,654 |
| **Output Tokens** | 246,913 |
| **Cache Write Tokens** | 123,456 |
| **Cache Read Tokens** | 456,789 |
| **Cache Savings** | $0.3245 |

---

## Cost by Agent

| Agent | Cost | Tokens | Input | Output |
|-------|------|--------|-------|--------|
| main | $1.2345 | 654,321 | 543,210 | 111,111 |
| worker | $0.8901 | 400,000 | 320,000 | 80,000 |
| research | $0.3321 | 180,246 | 124,444 | 55,802 |
...

Comments

Loading comments...