Usage Monitor
PassAudited by ClawScan on May 10, 2026.
Overview
This looks like a disclosed local usage-dashboard monitor, but it can rely on your logged-in browser session, recurring checks, and local logs containing usage details.
This skill appears reasonable for monitoring a specific usage dashboard. Before installing, make sure you are comfortable with OpenClaw accessing the configured page while logged in, avoid URLs that contain secrets if possible, keep config.json and usage-log.md private, and only enable the HEARTBEAT entry if you want automatic recurring checks.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
OpenClaw may be able to view authenticated usage-dashboard content for the URL you configure.
The monitor may rely on the user's logged-in browser session to view the configured usage dashboard.
浏览器自动化需要保持登录状态(如需要)... 首次使用需手动访问一次页面完成登录(如需要)
Only point it at a specific usage/quota page you want the agent to read, and prefer a read-only or least-privilege account when possible.
The monitor may run periodically after setup instead of only when manually invoked.
The skill documents a recurring monitoring task through HEARTBEAT.md, creating disclosed autonomous behavior.
启用自动监控 编辑工作区的 `HEARTBEAT.md`,添加: - [ ] 检查服务用量
Add the HEARTBEAT entry only if you want recurring monitoring, and remove it when you no longer need automatic checks.
Your dashboard URL and usage history may be stored locally and could be exposed if you share or publish those files.
The documentation acknowledges that the local config and generated usage log can contain personal URLs and usage information.
`config.json` 包含个人 URL,**不要分享给他人** ... `usage-log.md` 包含用量数据,**不要上传到公开仓库**
Do not commit or share config.json or usage-log.md, and review the URL for embedded account identifiers or secrets before saving it.
Installation may fail or behave differently on systems without Node.js, though no hidden dependency or remote install is shown.
The metadata declares no required binaries, while the documented run command requires Node.js.
"requires": { "bins": [] }, "install": [] ... node skills/usage-monitor/check.jsEnsure Node.js is available before use, and consider declaring it explicitly in the skill metadata.