ClawHub

TokenBooks Cross-Provider AI Spend Dashboard

v1.0.0

See where your AI money goes. Track spending across OpenAI, Anthropic, Google, and more. Per-provider breakdowns, per-model costs, budget tracking, waste det...

1· 180·0 current·0 all-time
byShadow Rose@theshadowrose
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim a local spend-aggregation/dashboard tool; included scripts parse exported billing CSV/JSON, aggregate costs, detect waste, and render an HTML report. No extraneous credentials, cloud APIs, or binaries are required.
Instruction Scope
SKILL.md instructs the agent to read user-exported billing files, run local Python scripts, and open an HTML file. The runtime instructions and code only read and write local files specified by the user; they do not attempt to read unrelated system paths or access network endpoints.
Install Mechanism
No install spec; the package is instruction/code-only and uses only the Python standard library. Nothing is downloaded or extracted at install time.
Credentials
The skill declares and requires no environment variables, credentials, or config paths. The code does not reference external tokens or secret env vars. All inputs come from user-supplied billing files.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills or system-wide agent settings. It runs on demand and only writes reports/exports to paths the user provides.
Assessment
This tool appears to be a local, offline spend analyzer and is internally consistent with that purpose. Before running: (1) Review the bundled scripts yourself (they are included) and run them on non-sensitive sample files first; (2) Only feed billing exports you trust — the tool will read whatever CSV/JSON you provide and will include those values in reports (garbage-in/garbage-out); (3) Be aware of limitations noted in LIMITATIONS.md (no de-duplication, memory use for very large files, currency assumptions, and estimation for unknown models); (4) Because the package source is 'unknown' and author is a pseudonym, consider running it in an isolated environment (container/VM) if you need stronger assurance. Otherwise, the code does not request secrets or use the network.

Like a lobster shell, security has layers — review code before you run it.

analyticsvk97e22294163rtawwbmtdt207982snqqbudgetvk97e22294163rtawwbmtdt207982snqqcost-trackingvk97e22294163rtawwbmtdt207982snqqdashboardvk97e22294163rtawwbmtdt207982snqqlatestvk97e22294163rtawwbmtdt207982snqqmulti-providervk97e22294163rtawwbmtdt207982snqqspendingvk97e22294163rtawwbmtdt207982snqq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments