Skylv Api Budget Guardian
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a purpose-aligned local budget tracker that runs a Node.js script and stores cost/usage totals locally, with no evidence of credential access, network exfiltration, or destructive behavior.
This looks safe to use as a local cost tracker, but treat it like any local script: inspect the full installed file, run commands only when intended, and remember that .cost-guard.json stores your budget and usage history in the current directory.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to trust and inspect the bundled script directly before running it.
The skill relies on local script execution but provides limited provenance and no install specification, so users have less context for where the code came from or how it should be installed.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the full script from the installed package and run it only from a directory where you are comfortable creating the local cost-tracking file.
Installing or using the skill may cause your agent or you to run the bundled JavaScript locally.
The skill documents running a local Node.js script. This is expected for the CLI-style cost tracker, but it is still local code execution.
node cost_guard.js init 100
Run the commands intentionally, verify Node.js is available, and inspect the script first if you do not trust the package source.
Your model names, token counts, spend totals, and budget settings may remain on disk in the current directory.
The script persists budget and usage history in a local JSON file. This is purpose-aligned, but it creates reusable local state that could reveal usage patterns or be edited by local processes.
const COST_FILE = '.cost-guard.json'; ... costs.tokenLog.push({ timestamp: new Date().toISOString(), tokens: t, model: m, cost: totalCost }); ... fs.writeFileSync(COST_FILE, JSON.stringify(costs, null, 2));
Keep the .cost-guard.json file in an appropriate project directory, avoid committing it if the data is sensitive, and back it up before reinitializing.
