Skill flagged: suspicious patterns detected. ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Token Budget Monitor (v1.0.0)
Track and control token consumption across OpenClaw cron jobs
by @aviclaw
License: MIT-0. Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign (high confidence)
Purpose & Capability
Name and description (token-budget monitoring for cron jobs) align with the files and code: track-usage.js implements per-job tracking, daily limits, alerts, and model recommendations. Required resources (no env vars, no external binaries) are proportionate to the stated functionality.
Instruction Scope
Runtime instructions stay within scope (run the CLI commands and add a call after LLM calls). One minor concern: the Integration example recommends building a shell command via string concatenation passed to exec (exec('node /path/to/track-usage.js track <job-name> ' + usage.input_tokens + ' ' + usage.output_tokens + ' ' + model)). That pattern can lead to shell injection if the job or model values are attacker-controlled. Otherwise the SKILL.md does not instruct reading unrelated files or sending data externally.
Install Mechanism
Instruction-only skill with no install steps and no downloads — lowest-risk install model. There are local code files but nothing is fetched from external URLs.
Credentials
No environment variables, no secrets, and only minimal use of HOME (to choose output dir) — consistent with the purpose. The code reads a local config.json in the skill directory; no unexpected credential or config paths are requested.
Persistence & Privilege
Does not request permanent/always-on privileges, does not modify other skills or system-wide config. It writes usage data to ~/.openclaw/workspace/outputs/token-usage.json which is a limited persistence scope and expected for this tool.
Assessment
This skill appears to do what it says: it reads config.json in the skill folder and writes a local usage file to ~/.openclaw/workspace/outputs/token-usage.json. It asks for no credentials and makes no network calls. Before installing:
1) Review and, if desired, change the OUTPUT_DIR path to a location you control and ensure appropriate file permissions.
2) Do not paste untrusted values into the integration command as shown; avoid building shell commands by concatenation. Instead invoke the script with a safe argument array (child_process.spawn or execFile) or validate/sanitize job and model names to prevent command injection.
3) If you plan to run this under different users or CI, verify how HOME is set (the code falls back to /home/ubuntu).
4) Run it in a sandbox or test environment first to confirm it writes only the expected JSON file.
Overall this skill is internally consistent and low-risk for typical usage.