ClawHub

Token Tamer — AI API Cost Control

v1.1.0

Monitor, budget, and optimize AI API spending across any provider. Tracks every call, enforces budgets, detects waste, provides optimization recommendations.

0· 177·0 current·0 all-time
byShadow Rose@theshadowrose
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (API cost tracking, budgets, waste detection) align with the provided code and SKILL.md. The code implements local logging, cost calculation, reports, and heuristics for waste — everything needed for the stated purpose. No unrelated cloud credentials, binaries, or capabilities are requested.
Instruction Scope
SKILL.md instructions limit the agent to local setup (copy config, set filepath, call log_usage, run CLI scripts). Instructions do not ask the agent to read unrelated system files, environment variables, or transmit data externally. Limitations are documented (manual logging, no provider reconciliation).
Install Mechanism
There is no install spec and code is pure-Python stdlib. Nothing is downloaded or written to system locations apart from the configured usage JSON file. This is low-risk compared with remote installers or archive extraction.
Credentials
The skill declares no required env vars, no credentials, and the code only imports a local token_config module. Config fields for webhooks exist in the example but default to None; there are no implementations that automatically send data to external endpoints. Requested configuration is proportional to purpose.
Persistence & Privilege
The skill persists usage to a local JSON file (USAGE_FILE) and will create parent directories when saving. Kill-switch state is in-memory and resets on process restart (documented). This file-write behavior is expected for a tracker but you should ensure USAGE_FILE path and permissions are acceptable for your environment; concurrent writers may corrupt the file (documented limitation).
Assessment
This appears to be a local, instruction-driven cost tracker that matches its description. Before installing: 1) Copy and edit config_example.py to set USAGE_FILE to a safe location you control; do not leave paths pointing to root or other sensitive dirs. 2) Ensure all your application API calls call tamer.log_usage()/check_before_call() if you want enforcement — the tool does not intercept calls automatically. 3) Back up the USAGE_FILE if you need history and avoid concurrent writes (multiple processes may corrupt the JSON). 4) Note the kill switch is process-local (resets on restart) and webhook/export fields are present in config_example but not active by default — review any future changes that enable network exports. 5) If you need team-wide or multi-host tracking, migrate to a DB or central exporter (the skill is intentionally local-only). Overall the package is coherent and does not request unrelated secrets or perform hidden network activity.

Like a lobster shell, security has layers — review code before you run it.

api-costsvk97bsn2hk4wqd0ssmbh9bkmhph82rx9cbudgetvk97bsn2hk4wqd0ssmbh9bkmhph82rx9ccost-controlvk97bsn2hk4wqd0ssmbh9bkmhph82rx9clatestvk97bsn2hk4wqd0ssmbh9bkmhph82rx9cmonitoringvk97bsn2hk4wqd0ssmbh9bkmhph82rx9coptimizationvk97bsn2hk4wqd0ssmbh9bkmhph82rx9cspendingvk9709mah5h8n8pz9qns5nx559d82r33s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments