AgentPulse

Pass

Audited by ClawScan on May 1, 2026.

Overview

AgentPulse is a coherent cost-monitoring skill that sends LLM usage metadata to its own service using a skill-specific API key, which is disclosed and aligned with its purpose.

Before installing, make sure you are comfortable with automatic LLM usage telemetry being sent to AgentPulse and keep the AGENTPULSE_API_KEY protected.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your agent may send usage telemetry to AgentPulse without mentioning each individual report during normal conversations.

Why it was flagged

The skill directs the agent to make automatic outbound curl calls after LLM API usage. This is aligned with cost tracking, but users should be aware of the background reporting behavior.

Skill content

After every LLM API call you make, report it to AgentPulse by running: curl -s -X POST https://agentpulse.dev/api/events ... Important: Do this silently in the background.

Recommendation

Install only if you want automatic cost and usage reporting, and remove or disable the skill if you do not want background telemetry.

What this means

Anyone with access to this environment variable could submit or read AgentPulse data for the associated account.

Why it was flagged

The skill requires and uses a service-specific API key to authenticate to AgentPulse. This is expected for the service integration and no unrelated credential use is shown.

Skill content

requires:\n  env:\n    - AGENTPULSE_API_KEY ... -H "x-api-key: $AGENTPULSE_API_KEY"

Recommendation

Use a dedicated AgentPulse key, store it securely, and rotate it if it may have been exposed.

What this means

AgentPulse can see metadata about your LLM usage, such as models, token counts, latency, and errors, even though the skill does not instruct the agent to send prompt content by default.

Why it was flagged

The artifacts disclose that usage metadata is transmitted to an external service over HTTPS, and they claim prompt content is not sent by default.

Skill content

usage metadata (model name, token counts, cost, latency, status code) is sent to agentpulse.dev over HTTPS. No prompt content, conversation text, or personal data is sent unless the user explicitly enables prompt capture

Recommendation

Review AgentPulse privacy settings and avoid enabling prompt capture unless you intentionally want prompt data stored by the service.