OC Cost Analyzer
v1.0.1分析 OpenClaw 的 token 使用和成本,识别高消耗场景(长对话、频繁 cron、大 context),给出具体优化建议(模型降级、context 压缩、cron 频率调整)。纯 Node.js,无外部依赖。输出清晰的成本报告。
⭐ 0· 338·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose — analyzing OpenClaw session logs and producing a local cost report — matches the included script's behavior. The script reads session-like JSON lines and computes token/cost stats and recommendations. However, the SKILL.md/README/SECURITY texts reference a different session path (~/.openclaw/agents/main/agent/sessions/*.jsonl) while the script's CONFIG.logsDir is ~/.openclaw/workspace/memory/conversations. This mismatch is likely an authoring/documentation error but could cause the tool to analyze the wrong files or miss logs.
Instruction Scope
Runtime instructions are straightforward (run node scripts/cost_analyzer.js analyze|quick) and otherwise local. But SKILL.md contains example shell commands that modify or delete files (e.g., find ~/.openclaw/workspace/memory -name "2026-*.md" -mtime +30 -delete) and other suggested commands (openclaw cron add/edit) that implicitly perform system changes if executed by the user. The script itself appears read-only except for writing the report; the documentation's 'no modifications' claim conflicts with suggested shell commands and with different log paths — this inconsistency broadens the agent's effective scope if a user follows the docs without review.
Install Mechanism
No install spec or network downloads. The skill is delivered as code files (pure Node.js) and expects node to run it. This is low-risk compared with remote installers.
Credentials
The skill requests no environment variables or credentials. It only accesses files under the user's home (reads logs, writes a report). No API keys or external services are required, which is proportionate for local cost analysis.
Persistence & Privilege
always is false and the script does not request elevated privileges. It writes output to ~/.openclaw/workspace/memory (report file) which is reasonable. There is no evidence the skill modifies other skills or global config. However the documentation suggests shell commands that can delete files — if users run those examples blindly they could cause data loss.
What to consider before installing
This skill is overall coherent with its stated purpose (local token/cost analysis) and does not call out to the network or require credentials, but there are documentation vs code mismatches you should address before running it. Actions to take before installing/running: 1) Inspect scripts/cost_analyzer.js yourself (it is included) to confirm it only reads the files you expect and only writes the report path. 2) Note the path mismatch: decide whether your session logs live in ~/.openclaw/agents/.../sessions or in ~/.openclaw/workspace/memory/conversations and update the script or docs accordingly. 3) Do NOT run any example shell delete commands until you back up those directories and understand the command. 4) Run the script in a limited environment (non-privileged account) first and review the generated report. 5) If you plan to automate via cron, double-check the full command and file paths to avoid accidental deletions or analyzing unrelated files. If you want higher assurance, ask the maintainer to fix the documentation inconsistency and to add a dry-run mode that emits which files would be analyzed before performing any writes.Like a lobster shell, security has layers — review code before you run it.
latestvk976p2ddfs04kcpd0rawrwvh8581w2bg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.